Re: LDAP and PAM: account is expired, but pam_ldap allows authentification
On 13/01/2011, at 17:45, Konstantin Boyandin wrote:
Could someone direct me to the source of wisdom to solve this: I have
set correctly the fields (attributes)
to make the account expired (OpenLDAP used to run NT domain), but when I
ssh to a server using pam_ldap authentication, it is still allowed to login.
How pam_ldap should be instructed to take the expiration attributes into
Isn't this handled via nsswitch? Can you show us your /etc/nsswitch.conf, and your /etc/ldap.conf (not your /etc/openldap/ldap.conf
As a reminder - the OpenLDAP-technical list is for the discussion of actual
OpenLDAP software, as well as how to make other software interoperate with it.
Questions that are purely about how to use 3rd party software "foo" work at
all do not belong on this list.
There is no evidence that the original poster is having any trouble using
OpenLDAP. His question is entirely about making 3rd party software work, and
those questions belong on the support forums for those 3rd party software
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/