[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy and Red Hat Linux

Joe Friedeggs schrieb:
> Debugging this issue has caused me a bit of confusion.  In the LDAP logs, when logging into other equipment that 'binds as user', I see warnings, etc. returned:
>    ppolicy_bind: Setting warning for password expiry for uid=test_user,ou=people,o=theorg,dc=example,dc=net = 1251 secds
> BUT, since the Linux LDAP client has a separate 'binddn', I don't see these warnings when the Linux LDAP client does the ldapsearch to validate the user.  How does the policy work in this situation?
> Am I missing something here?


have a look at 'man pam_ldap':

>        pam_lookup_policy <yes|no>
>               Specifies whether to search the root DSE for password policy. The default is "no".

Did you set that to yes on your clients in /etc/ldap.conf or what ever
it is called on RHEL5?

Christian Manal