[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
ldappasswd: account has expired (account expired)
- To: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
- Subject: ldappasswd: account has expired (account expired)
- From: john espiro <john_espiro@yahoo.com>
- Date: Tue, 3 Sep 2013 22:34:07 -0700 (PDT)
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1378272847; bh=zJOLbz1QVDFKpKKi2EM+lnKwMqB214DrrM79pDuYNW0=; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=CAKoFVedX85RAHYo5UzbTgyEki5ANPiHdoSREib6m/Kdhj7b1E41zvwoK+/MJLWXIHZ6vSehs+J5P745jHRRjkoicyDsYpnIwFEIgvrx66wY9q5LAZeIXXieGv/DUhbrfSF2r6BSdhby0tnk1s4dnNg5tw815SvLUlW8yE/W1YU=
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=VpYuE1IX4Mfyd0E9vEIM/oRwYEAHqKb2VVF+qFskzstpuzuCEVdAeJMSHFp3WiEEDUA5WBRwh2AZb4nOOJ968h5OOeLvQeqqoJdkcx8GLKG1Jxj775dpxIuwwrBY6g1j6t2jzhUY3RxgYJP5+GKm1YEzxt9t9NOt755D2Uq6CBo=;
We have opnldap (Version: 2.4.31-1ubuntu2.1) setup on our ubuntu server. Just migrated over from an older server and are getting this message for a user:
Our users can login to webmail to send and receive mail, and other stuff like that, they can download pop3 mail via desktop client, but when they go to send out, or su to that user we get messages like this:
auth: pam_unix(dovecot:account): account has expired (account expired)
Sep 3 19:05:03 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=XXXX rhost=::1 user=XXXX
I changed the password with ldappasswd successfully, but still the error persists. Doing some research it seems that shadowLastChange is not getting updated.
How can we resolve this?
/usr/share/slapd/slapd.conf
access to attrs=userPassword,shadowLastChange
by dn="@ADMIN@" write
by anonymous auth
by self write
by * none
access to dn.base="" by * read
# The admin dn has full write access, everyone else
# can read everything.
access to *
by dn="@ADMIN@" write
by * read
Package: slapd
Status: install ok installed
Priority: optional
Section: net
Installed-Size: 4101
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: amd64
Source: openldap
Version: 2.4.31-1ubuntu2.1
Replaces: ldap-utils (<< 2.2.23-3), libldap2
Provides: ldap-server, libslapi-2.4-2
Depends: libc6 (>= 2.15), libdb5.1, libldap-2.4-2 (= 2.4.31-1ubuntu2.1), libltdl7 (>= 2.4.2), libodbc1 (>= 2.2.11) | unixodbc (>= 2.2.11), libperl5.14 (>= 5.14.2), libsasl2-2 (>= 2.1.24), libslp1, libwrap0 (>= 7.6-4~), coreutils (>= 4.5.1-1), psmisc, perl (>> 5.8.0) | libmime-base64-perl, adduser, lsb-base (>= 3.2-13)
Pre-Depends: debconf (>= 0.5) | debconf-2.0, multiarch-support
Recommends: libsasl2-modules
Suggests: ldap-utils, ufw
Conflicts: ldap-server, libltdl3 (= 1.5.4-1), umich-ldapd
Conffiles: