Konstantin Boyandin wrote:
Hello,
Could someone direct me to the source of wisdom to solve this: I have
set correctly the fields (attributes)
shadowExpire
shadowLastChange
shadowMin
shadowMax
to make the account expired (OpenLDAP used to run NT domain), but when I
ssh to a server using pam_ldap authentication, it is still allowed to login.
How pam_ldap should be instructed to take the expiration attributes ito
account?
Ask on a pam_ldap mailing list. pam_ldap is not a piece of OpenLDAP software,
your question is off topic here.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/