Re: Check ppolicy

[Jordi Espasa Clofent <jespasac@minibofh.org>]

In OpenLDAP server I can see that ppolicy is working as expected:

Jun 16 18:12:13 xen-ldapbeta slapd[1834]: ppolicy_bind: Setting warning 
for password expiry for uid=jespasac,ou=CAT,ou=Tecnic,dc=company,dc=com 
= 112 seconds
Jun 16 18:13:12 xen-ldapbeta slapd[1834]: ppolicy_bind: Setting warning 
for password expiry for uid=jespasac,ou=CAT,ou=Tecnic,dc=company,dc=com 
= 53 seconds
Jun 16 18:13:44 xen-ldapbeta slapd[1834]: ppolicy_bind: Setting warning 
for password expiry for uid=jespasac,ou=CAT,ou=Tecnic,dc=company,dc=com 
= 21 seconds
Jun 16 18:13:59 xen-ldapbeta slapd[1834]: ppolicy_bind: Setting warning 
for password expiry for uid=jespasac,ou=CAT,ou=Tecnic,dc=company,dc=com 
= 6 seconds
Jun 16 18:14:11 xen-ldapbeta slapd[1834]: ppolicy_bind: Entry 
uid=jespasac,ou=CAT,ou=Tecnic,dc=company,dc=com has an expired password: 
0 grace logins
Jun 16 18:14:19 xen-ldapbeta slapd[1834]: ppolicy_bind: Entry 
uid=jespasac,ou=CAT,ou=Tecnic,dc=company,dc=com has an expired password: 
0 grace logins
Jun 16 18:19:43 xen-ldapbeta slapd[1834]: ppolicy_bind: Entry 
uid=jespasac,ou=CAT,ou=Tecnic,dc=company,dc=com has an expired password: 
0 grace logins

but I don't understand why in the client prompt I don't see these 
warning. The only warning I see is when the password has already expired 
(setting up the 'pam_password_prohibit_message' in ldap.conf client side):

You are required to change your LDAP password immediately.
Please visit http://my_gui_to_change_password
Old Password:

¿Why can I see this message and not the expire time or grace login warnings?

--
Thanks,
Jordi Espasa Clofent