Joe Friedeggs wrote:
Debugging this issue has caused me a bit of confusion. In the LDAP
logs, when logging into other equipment that 'binds as user', I see warnings, etc.
returned:
ppolicy_bind: Setting warning for password expiry for
uid=test_user,ou=people,o=theorg,dc=example,dc=net = 1251 secds
BUT, since the Linux LDAP client has a separate 'binddn', I don't see these
warnings when the Linux LDAP client does the ldapsearch to validate the user. How does
the policy work in this situation?
Am I missing something here?
Hello,
have a look at 'man pam_ldap':
<snip>
pam_lookup_policy <yes|no>
Specifies whether to search the root DSE for password policy. The default
is "no".
<snap>
Did you set that to yes on your clients in /etc/ldap.conf or whatever
it is called on RHEL5?
Regards,
Christian Manal