
Re: pam_ldap does not working



pam_ldap is not OpenLDAP software and is generally off-topic for this list. Furthermore, pam_ldap is obsolete and no longer supported by its original author; you should be using nslcd or nssov.

PRAJITH wrote:

Hi,

   When users with an expired account try to log into PAM (SSH, su, etc.)
there is no warning displayed that the account is expired. The user is also
allowed to log in normally.
In the slapd logging, the following message is displayed:


Mar 18 12:46:25 sip slapd[11790]: ppolicy_bind: Entry uid=prajith,ou=people,dc=XXX,dc=XX has an expired password: 0 grace logins

In auth log
###
Mar 18 23:43:37 chiron-desktop-linux2 login[7411]: pam_unix(login:auth): authentication failure; logname=root uid=0 euid=0 tty=/dev/pts/0 ruser= rhost=  user=prajith
Mar 18 23:43:41 chiron-desktop-linux2 login[7411]: pam_unix(login:session): session opened for user prajith by root(uid=0)
###

here is my ldap.conf

########
base dc=XXX,dc=XX
uri ldap://XX.XX.XX
ldap_version 3
pam_lookup_policy yes
pam_password md5
pam_password exop
nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,clamav,colord,daemon,dansguardian,dnsmasq,festival,games,gnats,guest-yRzqOV,hplip,imspector,irc,kernoops,libuuid,libvirt-dnsmasq,libvirt-qemu,lightdm,list,lp,mail,man,messagebus,mysql,news,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,statd,swift,sync,sys,syslog,usbmux,uucp,whoopsie,www-data
#######

Best Regards,
Prajith
http://prajith.in
--



--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
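
The symptom reported in the quoted message (slapd logs an expired password with 0 grace logins, yet pam_unix still opens a session) can be checked for by correlating the two logs. The following is an added example, not code from the thread or from the OpenLDAP project. Assumptions: the log lines, user names and host name are constructed, the year default and 60-second window are arbitrary, both hosts have synchronized clocks, and a report of 0 grace logins is treated as a login that should not have succeeded.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines modelled on the two log formats quoted in the message.
SLAPD_LOG = """\
Mar 18 12:46:25 sip slapd[11790]: ppolicy_bind: Entry uid=alice,ou=people,dc=example,dc=org has an expired password: 0 grace logins
Mar 18 12:50:02 sip slapd[11790]: ppolicy_bind: Entry uid=bob,ou=people,dc=example,dc=org has an expired password: 2 grace logins
"""
AUTH_LOG = """\
Mar 18 12:46:21 host1 login[7411]: pam_unix(login:auth): authentication failure; logname=root uid=0 euid=0 tty=/dev/pts/0 ruser= rhost=  user=alice
Mar 18 12:46:27 host1 login[7411]: pam_unix(login:session): session opened for user alice by root(uid=0)
Mar 18 12:50:05 host1 sshd[7500]: pam_unix(sshd:session): session opened for user bob by (uid=0)
Mar 18 15:00:00 host1 sshd[7600]: pam_unix(sshd:session): session opened for user alice by (uid=0)
"""

STAMP = r"^(\w{3}\s+\d+ [\d:]{8}) \S+ "
EXPIRED = re.compile(STAMP + r"slapd\[\d+\]: ppolicy_bind: Entry uid=([^,]+),.*? "
                     r"has an expired password: (\d+) grace logins")
SESSION = re.compile(STAMP + r"(\S+?)\[\d+\]: pam_unix\(\S+:session\): "
                     r"session opened for user (\S+)")

def _ts(stamp, year):
    # Syslog stamps carry no year, so the caller supplies one (assumption).
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def expired_binds(slapd_log, year=2000):
    """(uid, time) for each ppolicy_bind line reporting 0 grace logins left."""
    hits = (EXPIRED.match(line) for line in slapd_log.splitlines())
    return [(m.group(2), _ts(m.group(1), year)) for m in hits
            if m and int(m.group(3)) == 0]

def sessions_after_expiry(slapd_log, auth_log, window_s=60, year=2000):
    """Sessions opened within window_s seconds after a 0-grace expiry report."""
    expired = expired_binds(slapd_log, year)
    flagged = []
    for line in auth_log.splitlines():
        m = SESSION.match(line)
        if not m:
            continue
        when, service, user = _ts(m.group(1), year), m.group(2), m.group(3)
        if any(uid == user and timedelta(0) <= when - seen <= timedelta(seconds=window_s)
               for uid, seen in expired):
            flagged.append((user, service, m.group(1)))
    return flagged

if __name__ == "__main__":
    print(sessions_after_expiry(SLAPD_LOG, AUTH_LOG))
```

A flagged session means some module in the PAM stack accepted the login after the directory reported the password as expired, which is the place to start reviewing the stack's ordering and control flags.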