Account Usable Request Control (


At the moment I'm working with the Sun Java System Directory Server. I would like to migrate to OpenLDAP, but of course without losing functionality. I enabled pam_ldap account management on all my Linux and Solaris computers and everything worked fine. Everyone could do non-password-based logins using tools such as rsh or ssh. This feature was provided by the "Account Usable Request Control" ( from the Directory Server, which is needed by the ldap_pam module from Solaris. After the installation of OpenLDAP on my Solaris server I noticed that non-password-based logins on the Solaris computers are not possible anymore. This problem [1] was discussed 2 years ago on "openldap-software@openldap.org", but there was no solution described. I would like to know if there is a way to get this feature enabled with OpenLDAP. If not, what else can I do?

More technically: when an ssh client connects with public key authentication to a Solaris computer and the account policies are handled by LDAP, the PAM module sends a query to the LDAP server to get all supportedControls and to check whether the "Account Usable Request Control" exists, so that it can retrieve the policy data without an explicit login from the user.

Thanks in advance!


[1] http://www.openldap.org/lists/openldap-software/200710/msg00041.html
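
The check described in the post (read the server's supportedControl values from the root DSE and look for the Account Usable Request Control) can be reproduced by an administrator as follows. This is an added example, not part of the original post. The OID 1.3.6.1.4.1.42.2.27.9.5.8 does not appear in the post and is an assumption (the value commonly documented for this control); the function names, host name and LDIF samples are constructed.

```shell
#!/bin/sh
# Added example: does a directory server advertise the Account Usable control?
# Assumption (not in the post): OID commonly documented for this control.
ACCOUNT_USABLE_OID="1.3.6.1.4.1.42.2.27.9.5.8"

# Join folded LDIF lines (a leading space continues the previous line)
# and drop comment lines together with their continuations.
unfold_ldif() {
    awk '
        /^#/ { skip = 1; next }
        /^ / { if (!skip) buf = buf substr($0, 2); next }
        { skip = 0; if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }
    '
}

# Read root DSE LDIF on stdin, print one supportedControl OID per line.
list_supported_controls() {
    unfold_ldif | awk -F': *' 'tolower($1) == "supportedcontrol" && $2 != "" { print $2 }'
}

# Exit 0 only if the exact OID is advertised (whole-line, fixed-string match,
# so an OID that merely starts with the same digits does not count).
has_control() {
    list_supported_controls | grep -Fqx -- "$1"
}

# Constructed root DSE that advertises the control, with the value folded.
sample_with_control() {
    printf '%s\n' 'dn:' 'supportedControl: 1.2.840.113556.1.4.319' \
        'supportedControl: 1.3.6.1.4.1.42.2.' ' 27.9.5.8'
}

# Constructed root DSE without it; the last OID is a made-up near miss.
sample_without_control() {
    printf '%s\n' 'dn:' 'supportedControl: 1.2.840.113556.1.4.319' \
        'supportedControl: 1.3.6.1.4.1.42.2.27.8.5.1' \
        '# constructed near miss' 'supportedControl: 1.3.6.1.4.1.42.2.27.9.5.81'
}

# Against a live server (ldap.example.com is a placeholder host):
#   ldapsearch -x -H ldap://ldap.example.com -s base -b "" supportedControl \
#       | has_control "$ACCOUNT_USABLE_OID" && echo advertised
for sample in sample_with_control sample_without_control; do
    if "$sample" | has_control "$ACCOUNT_USABLE_OID"; then
        echo "$sample: Account Usable control advertised"
    else
        echo "$sample: Account Usable control NOT advertised"
    fi
done
```
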