OpenLDAP's User Authentication - ShadowAccount
Hi guys,
I hope someone can shed some light on my problem here.
Here's the scenario.
I basically decided to add password aging to my user accounts in my existing OpenLDAP server.
In order to test, I created a new account by adding in the shadowAccount objectClass. After adding the account into the LDAP server, I used 'getent shadow' and could see the following:
jovi:$1$KSGJUGNC$BrExS9H3eXevcL41QufRV/:14902:2:4:1:::
After seeing jovi has been added to the shadow database, I thought that everything had gone smoothly, and began changing the account's password over and over again. The strange thing is that I've configured shadowMin=2, so it should not allow me to change the password consecutively until after 2 days.
Any idea why this is happening? Is there any problem with the shadowAccount objectclass?
Account information
dn: uid=jovi,ou=users,dc=example,dc=com
uid: jovi
cn: jovi
objectclass: account
objectclass: posixAccount
objectclass: top
objectClass: shadowAccount
loginshell: /bin/bash
uidnumber: 503
gidnumber: 200
homedirectory: /home/tech
userpassword: {SSHA}cGvb1JQ2gYXFfpngE9dCTOW2FbN80PF2
shadowLastChange: 14901
shadowMin: 2
shadowMax: 4
shadowWarning: 1
shadowInactive: -1
I really appreciate any kind of help!
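
The aging fields of the 'getent shadow' line quoted in the post, decoded as an added example that is not part of the original post: this Python code splits the entry into its shadow(5) fields and computes the dates the min/max values imply. The function names and the test dates are assumptions made for illustration; the input line is the one shown above.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
# Field order of a shadow(5) entry; the aging fields are counted in days.
FIELDS = ("name", "hash", "lastchg", "min", "max",
          "warn", "inactive", "expire", "reserved")

# The entry exactly as printed by 'getent shadow' in the post.
SHADOW_LINE = "jovi:$1$KSGJUGNC$BrExS9H3eXevcL41QufRV/:14902:2:4:1:::"


def parse_shadow(line):
    """Split one shadow entry; empty numeric fields become None."""
    parts = line.strip().split(":")
    if len(parts) != len(FIELDS):
        raise ValueError("expected %d fields, got %d" % (len(FIELDS), len(parts)))
    entry = dict(zip(FIELDS, parts))
    for key in FIELDS[2:8]:
        entry[key] = int(entry[key]) if entry[key] else None
    return entry


def aging_window(entry):
    """Return (last_change, earliest_next_change, password_expires) as dates."""
    if entry["lastchg"] is None:
        return None, None, None
    last = EPOCH + timedelta(days=entry["lastchg"])
    # A missing minimum age means a change is allowed immediately.
    earliest = last + timedelta(days=entry["min"] or 0)
    expires = None
    # An empty or negative maximum age means the password never expires.
    if entry["max"] is not None and entry["max"] >= 0:
        expires = last + timedelta(days=entry["max"])
    return last, earliest, expires


def change_allowed(entry, today):
    """True when the minimum-age field would permit a change on `today`."""
    _, earliest, _ = aging_window(entry)
    return earliest is None or today >= earliest


if __name__ == "__main__":
    e = parse_shadow(SHADOW_LINE)
    for label, d in zip(("last change", "earliest next change", "expires"),
                        aging_window(e)):
        print("%-22s %s" % (label, d))
```
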