On 23/09/2011 14:42, Christopher Wood wrote:
On Fri, Sep 23, 2011 at 12:19:17PM +0200, Simone Piccardi wrote:
On 22/09/2011 16:10, Christopher Wood wrote:
Debian/Ubuntu: install nslcd, libnss-ldapd, libpam-ldapd, configure your /etc/nslcd.conf,
and ensure you have "compat ldap" as lookups listed in /etc/nsswitch.conf for
passwd, group, shadow. (I figure on the whole nss-pam-ldapd arrangement for CentOS6 too,
but I haven't gotten that far yet.)
This, at least for Debian Stable and Ubuntu LTS has an important
shortcoming, it does not update shadowLastChange on password change.
So if you set a password expiration they will stay expired forever.
This depends where passwords are maintained. Certainly in your case it sounds
like the authoritative password copy is maintained in the directory.
The problem I'm talking is not about password, they are just in
userPassword.
Problem arise form the lack of managament of shadowLastChange in the
current version of nslcd, libnss-ldapd, libpam-ldapd, for both Squeeze
and Lucid.
It should work if you use the old libpam-ldap.
Simone
--
Simone Piccardi Truelite Srl
picca...@truelite.it (email/jabber) Via Monferrato, 6
Tel. +39-347-1032433 50142 Firenze
http://www.truelite.it Tel. +39-055-7879597 Fax. +39-055-7333336
