Indexer wrote:
On 13/01/2011, at 17:45, Konstantin Boyandin wrote:
Hello,
Could someone direct me to the source of wisdom to solve this: I have
set correctly the fields (attributes)
shadowExpire
shadowLastChange
shadowMin
shadowMax
to make the account expired (OpenLDAP used to run NT domain), but when I
ssh to a server using pam_ldap authentication, it is still allowed to login.
How should pam_ldap be instructed to take the expiration attributes into
account?
Isn't this handled via nsswitch? Can you show us your /etc/nsswitch.conf, and
your /etc/ldap.conf (not your /etc/openldap/ldap.conf)?
As a reminder - the OpenLDAP-technical list is for the discussion of actual
OpenLDAP software, as well as how to make other software interoperate with it.
Questions that are purely about how to use 3rd party software "foo" work at
all do not belong on this list.
There is no evidence that the original poster is having any trouble using
OpenLDAP. His question is entirely about making 3rd party software work, and
those questions belong on the support forums for those 3rd party software
packages.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/