Re: migrating from (old) /etc/shadow to LDAP
On 23/09/2011 14:42, Christopher Wood wrote:
> On Fri, Sep 23, 2011 at 12:19:17PM +0200, Simone Piccardi wrote:
>> On 22/09/2011 16:10, Christopher Wood wrote:
>>> Debian/Ubuntu: install nslcd, libnss-ldapd, libpam-ldapd, configure your /etc/nslcd.conf, and ensure you have "compat ldap" as lookups listed in /etc/nsswitch.conf for passwd, group, shadow. (I figure on the whole nss-pam-ldapd arrangement for CentOS6 too, but I haven't gotten that far yet.)
>> This, at least for Debian Stable and Ubuntu LTS has an important
>> shortcoming, it does not update shadowLastChange on password change.
>> So if you set a password expiration they will stay expired forever.
> This depends where passwords are maintained. Certainly in your case it sounds like the authoritative password copy is maintained in the directory.
The problem I'm talking is not about password, they are just in
Problems arise from the lack of management of shadowLastChange in the
current version of nslcd, libnss-ldapd, libpam-ldapd, for both Squeeze
It should work if you use the old libpam-ldap.
Simone Piccardi Truelite Srl
email@example.com (email/jabber) Via Monferrato, 6
Tel. +39-347-1032433 50142 Firenze
http://www.truelite.it Tel. +39-055-7879597 Fax. +39-055-7333336
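
The effect discussed in this thread, as an added example that is not part of the original messages: a simplified model of shadow password ageing showing why an entry stays expired when userPassword changes but shadowLastChange does not. The LDIF entry, the hash placeholders and the helper names (`parse_entry`, `password_expired`, `change_password`) are constructed for illustration.

```python
from datetime import date

EPOCH = date(1970, 1, 1)

# Constructed sample entry (not from the thread): posixAccount + shadowAccount.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
objectClass: posixAccount
objectClass: shadowAccount
uid: alice
userPassword: {SSHA}old-hash-placeholder
shadowLastChange: 15000
shadowMax: 90
"""

def parse_entry(ldif):
    """Parse one simple LDIF entry (no line folding, no base64) into a dict of lists."""
    entry = {}
    for line in ldif.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(": ")
        entry.setdefault(attr, []).append(value)
    return entry

def days_since_epoch(day):
    """shadowLastChange is stored as days since 1970-01-01."""
    return (day - EPOCH).days

def password_expired(entry, today):
    """Simplified ageing check: expired once shadowLastChange + shadowMax is in the past."""
    max_days = int(entry.get("shadowMax", ["-1"])[0])
    if max_days < 0 or "shadowLastChange" not in entry:
        return False  # ageing not enforced for this entry
    last = int(entry["shadowLastChange"][0])
    # A value of 0 means the password must be changed; treated as expired here.
    return last == 0 or last + max_days < days_since_epoch(today)

def change_password(entry, new_hash, today, update_last_change):
    """Model a password change; update_last_change=False models a client that leaves the attribute alone."""
    changed = {k: list(v) for k, v in entry.items()}
    changed["userPassword"] = [new_hash]
    if update_last_change:
        changed["shadowLastChange"] = [str(days_since_epoch(today))]
    return changed

if __name__ == "__main__":
    today = date(2011, 9, 23)
    alice = parse_entry(SAMPLE_LDIF)
    for flag in (False, True):
        after = change_password(alice, "{SSHA}new-hash-placeholder", today, flag)
        print(f"update shadowLastChange={flag}: expired={password_expired(after, today)}")
```

Running the same check against an export of real entries after a test password change shows whether the client stack in use maintains shadowLastChange.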