[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Password expiration

Hi Cris,

On 27/03/12 00:46, Collins, Cris L. wrote:
> I am running OpenLDAP as packaged for CentOS 5 and having problems with
> password expiration.
> Users are being told every time they login that their password has expired
> and to change their password. When ShadowMax is changed to 99999 their
> passwords are not expiring. The preferable setting is 90 days.
> ShadowLastChange is updating to the correct date when they input a new
> password. Thank you for you time and input as to why this might be
> occurring.

shadow attributes are used by UNIX systems during authentication,
depending on your system configuration (PAM, pam_ldap, login.defs...)

However, the OpenLDAP server itself will not use these attributes to
prevent binds by LDAP, which is what I understand you expect. For this,
check out the ppolicy overlay.

Jonathan Clarke - jonathan@phillipoux.net
Ldap Synchronization Connector (LSC) - http://lsc-project.org