Re: LDAP and PAM: account is expired, but pam_ldap allows authentification

Indexer wrote:
to make the account expired (OpenLDAP used to run NT domain), but when I
ssh to a server using pam_ldap authentication, it is still allowed to login.

This looks to be a question where the user does not know what is
for the issue he is seeing, but does relate to his attempt to use OpenLDAP. He
is correct in asking here, and helpfully pointing him in the correct direction
is the right course of action, rather than saying "you are wrong to ask this
here". This problem may have been to him related to missing elements from his
user objects (which would have been openldap) or it was anything else.

Pointing him to pam_ldap was the correct action.

Also you said

As a reminder - the OpenLDAP-technical list is for the discussion of
actual OpenLDAP software, as well as how to make other software
interoperate with it. Questions that are purely about how to use 3rd
party software "foo" work at all do not belong on this list.

This counts as "other software interoperate with it." from where I am
sitting. I have seen many questions like this, and I think it should be
something we answer and point people in the correct direction of rather
than saying "you'll get no help here".

So instead of going to a doctor to be referred to a specialist, you will go
straight to a specialist without knowing what your problem is? Makes
complete sense.

It was obvious that he was not asking "why doesn't my pam_ldap talk to my OpenLDAP server."

Missing elements from the user objects is a *data* problem, it is not an interoperability problem. He would have the same issue whether the server was OpenLDAP, Oracle, or M$AD. It has nothing to do with OpenLDAP, and a careful reader would have known all of this. If you're not reading carefully, you should not be responding to the posts.

