Problems with slapd and access rules

2010-07-19 Thread Licause, Al
I am having problems with access control in slapd.conf. If I leave all access control commented in slapd.conf, the ssh user can login and id works. But if the users password expires though the use of the ppolicy directives, they are prompted to change the password but cannot due to an Insuffic

RE: Expired password allowed in via pwdGraceAuthNLimit w/o warning to user

2010-07-09 Thread Licause, Al
Okgood progress...and thanks again for the data. -Original Message- From: Buchan Milne [mailto:bgmi...@staff.telkomsa.net] Sent: Friday, July 09, 2010 12:27 PM To: Licause, Al Cc: Chris Jacobs; openldap-technical@openldap.org Subject: Re: Expired password allowed in via

RE: Expired password allowed in via pwdGraceAuthNLimit w/o warning to user

2010-07-09 Thread Licause, Al
...@openldap.org] On Behalf Of Chris Jacobs Sent: Thursday, July 08, 2010 3:04 PM To: Licause, Al; Buchan Milne; openldap-technical@openldap.org Subject: RE: Expired password allowed in via pwdGraceAuthNLimit w/o warning to user What I've done in my implementation is to enable password expira

RE: Expired password allowed in via pwdGraceAuthNLimit w/o warning to user

2010-07-08 Thread Licause, Al
ne [mailto:bgmi...@staff.telkomsa.net] Sent: Monday, July 05, 2010 4:56 AM To: openldap-technical@openldap.org Cc: Licause, Al Subject: Re: Expired password allowed in via pwdGraceAuthNLimit w/o warning to user I did not reply to your off-list mails, primarily because I was out of the office (at a data

RE: Expired password allowed in via pwdGraceAuthNLimit w/o warning to user

2010-07-08 Thread Licause, Al
any other pam module ? Am I missing a module ? Do I need a later version of nss_ldap or some other component ? Al -Original Message- From: Buchan Milne [mailto:bgmi...@staff.telkomsa.net] Sent: Monday, July 05, 2010 4:56 AM To: openldap-technical@openldap.org Cc: Licause, Al Subject

RE: Expired password allowed in via pwdGraceAuthNLimit w/o warning to user

2010-07-06 Thread Licause, Al
than zero. Al -Original Message- From: Buchan Milne [mailto:bgmi...@staff.telkomsa.net] Sent: Tuesday, July 06, 2010 9:06 AM To: Licause, Al Cc: openldap-technical@openldap.org Subject: Re: Expired password allowed in via pwdGraceAuthNLimit w/o warning to user On Tuesday, 6 July 2010 13:24:51 Lic

RE: Expired password allowed in via pwdGraceAuthNLimit w/o warning to user

2010-07-06 Thread Licause, Al
Buchan, Thanks for the information.please see my responses inserted below. Al -Original Message- From: Buchan Milne [mailto:bgmi...@staff.telkomsa.net] Sent: Monday, July 05, 2010 4:56 AM To: openldap-technical@openldap.org Cc: Licause, Al Subject: Re: Expired password allowed in

Expired password allowed in via pwdGraceAuthNLimit w/o warning to user

2010-07-02 Thread Licause, Al
I have installed and configured the ppolicy overlay software on a Red Hat V5.4 server along with the openldap server software and the following components: openldap-servers-2.3.43-3.el5 python-ldap-2.2.0-2.1 openldap-devel-2.3.43-3.el5 checkpassword-ldap-0.01-1.2.el5.rf mozldap-6.0.5-1.el5 openld