Joe Friedeggs wrote:
Debugging this issue has caused me a bit of confusion. In the LDAP logs, when logging into other equipment that 'binds as user', I see warnings, etc. returned:
ppolicy_bind: Setting warning for password expiry for uid=test_user,ou=people,o=theorg,dc=example,dc=net = 1251 secds
BUT, since the Linux LDAP client has a separate 'binddn', I don't see these warnings when the Linux LDAP client does the ldapsearch to validate the user. How does the policy work in this situation?
Am I missing something here?
Hello,
Have a look at 'man pam_ldap':
<snip>
pam_lookup_policy <yes|no>
    Specifies whether to search the root DSE for password policy. The default is "no".
<snap>
Did you set that to yes on your clients in /etc/ldap.conf or whatever it is called on RHEL5?
Regards, Christian Manal