[Date Prev][Date Next]
Re: LDAP and PAM: account is expired, but pam_ldap allows authentification
-----BEGIN PGP SIGNED MESSAGE-----
to make the account expired (OpenLDAP used to run NT domain), but when I
ssh to a server using pam_ldap authentication, it is still allowed to login.
This look to be a question where the user does not know what is
for the issue he is seeing, but does relate to his attempt to use OpenLDAP. He
is correct in asking here, and helpfully pointing him in the correct direction
is the right course of action, rather than saying "you are wrong to ask this
here". This problem may have been to him related to missing elements from his
user objects (which would have been openldap) or it was anything else.
Pointing him to pam_ldap was the correct action.
Also you said
As a reminder - the OpenLDAP-technical list is for the discussion of
actual OpenLDAP software, as well as how to make other software
interoperate with it. Questions that are purely about how to use 3rd
party software "foo" work at all do not belong on this list.
This counts as "other software interoperate with it." from where I am
sitting. I have seen many questions like this, and I think it should be
something we answer and point people in the correct direction of rather
than saying "you'll get no help here"
So instead of going to a doctor to be referred to a specialist, you will go
straight to a specialist without knowing what your problem is? makes
It was obvious that he was not asking "why doesn't my pam_ldap talk to my
Missing elements from the user objects is a *data* problem, it is not an
interoperability problem. He would have the same issue whether the server was
OpenLDAP, Oracle, or M$AD. It has nothing to do with OpenLDAP, and a careful
reader would have known all of this. If you're not reading carefully, you
should not be responding to the posts.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/