Hello,

I’ve done a lot of research and re-read the OpenLDAP configuration guides, but I cannot get my OpenLDAP 2.39 server to not allow users with expired passwords to log in to LDAP-enabled clients. What directive in the /etc/pam.d/ files controls the user’s password expiration attribute? pam_unix or pam_ldap?

Setup:

Server: RHEL7 OS
Software: OpenLDAP 2.4.39 server using slapd service

Client: RHEL7 OS
Software: enabled LDAP via authconfig, using sssd service


Thank you,

Liz