Indexer wrote:
On 13/01/2011, at 17:45, Konstantin Boyandin wrote:

Hello,

Could someone direct me to the source of wisdom to solve this: I have set correctly the fields (attributes) shadowExpire, shadowLastChange, shadowMin, shadowMax to make the account expired (OpenLDAP used to run NT domain), but when I ssh to a server using pam_ldap authentication, it is still allowed to login. How pam_ldap should be instructed to take the expiration attributes into account?

Isn't this handled via nsswitch? Can you show us your /etc/nsswitch.conf, and your /etc/ldap.conf (not your /etc/openldap/ldap.conf

As a reminder - the OpenLDAP-technical list is for the discussion of actual OpenLDAP software, as well as how to make other software interoperate with it. Questions that are purely about how to make 3rd party software "foo" work at all do not belong on this list.

There is no evidence that the original poster is having any trouble using OpenLDAP. His question is entirely about making 3rd party software work, and those questions belong on the support forums for those 3rd party software packages.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/