Joe Friedeggs wrote:
Debugging this issue has caused me a bit of confusion. In the LDAP logs, when logging into other equipment that 'binds as user', I see warnings, etc. returned:
ppolicy_bind: Setting warning for password expiry for uid=test_user,ou=people,o=theorg,dc=example,dc=net = 1251 secds
BUT, since the Linux LDAP client has a separate 'binddn', I don't see these warnings when the Linux LDAP client does the ldapsearch to validate the user. How does the policy work in this situation?
Am I missing something here?
Hello,
have a look at 'man pam_ldap':
pam_lookup_policy
    Specifies whether to search the root DSE for password policy. The default is "no".
Did you set that to yes on your clients in /etc/ldap.conf or whatever it is called on RHEL5?
Regards,
Christian Manal
Thanks for the response, Christian.
Yes, I have the following in my LDAP clients' /etc/ldap.conf:
host ldap_svc
binddn cn=simpleBind,o=theorg,dc=example,dc=net
bindpw simpleBind
bind_timelimit 3
base o=theorg,dc=example,dc=net
sudoers_base ou=sudoers,o=theorg,dc=example,dc=net
timelimit 7
idle_timelimit 3600

nss_base_passwd         ou=people,o=theorg,dc=example,dc=net?one
nss_base_shadow         ou=people,o=theorg,dc=example,dc=net?one
nss_base_group          ou=groups,o=theorg,dc=example,dc=net?one
nss_reconnect_tries 3
nss_initgroups_ignoreusers root,ldap,named,haldaemon,radiusd,linux_admin

pam_password md5
pam_groupdn cn=level_3,ou=host_ssh_access,o=theorg,dc=example,dc=net
pam_member_attribute uniqueMember
pam_lookup_policy yes
Thanks,
John
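
An added example, not part of the original thread: a small Python helper that pulls the ppolicy_bind expiry warnings quoted above out of a slapd log and lists, per DN, the most recent time-to-expiry, so the binds that do trigger warnings can be compared with those that do not. The message format is the one quoted in the thread; the syslog prefix, the second user and the one-hour threshold are assumptions made for the sample.

```python
import re

# Message format taken from the slapd log line quoted in the thread.
WARN_RE = re.compile(
    r"ppolicy_bind: Setting warning for password expiry for "
    r"(?P<dn>\S.*?) = (?P<secs>\d+) secds"
)

# Constructed sample log: timestamps, host name and the second user are made up.
SAMPLE_LOG = """\
Oct 23 10:01:02 ldap1 slapd[2211]: ppolicy_bind: Setting warning for password expiry for uid=test_user,ou=people,o=theorg,dc=example,dc=net = 1251 secds
Oct 23 10:01:05 ldap1 slapd[2211]: (constructed unrelated line, ignored by the parser)
Oct 23 10:07:40 ldap1 slapd[2211]: ppolicy_bind: Setting warning for password expiry for uid=other_user,ou=people,o=theorg,dc=example,dc=net = 90000 secds
Oct 23 10:09:11 ldap1 slapd[2211]: ppolicy_bind: Setting warning for password expiry for uid=test_user,ou=people,o=theorg,dc=example,dc=net = 762 secds
"""

def expiry_warnings(log_text):
    """Return {dn: seconds}, keeping the most recent warning seen for each DN."""
    latest = {}
    for line in log_text.splitlines():
        m = WARN_RE.search(line)
        if m:
            # DNs compare case-insensitively, so normalise before using as a key.
            latest[m.group("dn").lower()] = int(m.group("secs"))
    return latest

def human(secs):
    """Format a number of seconds as 'Nd HH:MM:SS'."""
    days, rem = divmod(secs, 86400)
    hours, rem = divmod(rem, 3600)
    minutes, seconds = divmod(rem, 60)
    return f"{days}d {hours:02d}:{minutes:02d}:{seconds:02d}"

def report(log_text, threshold=3600):
    """List (dn, seconds, pretty, urgent) sorted by soonest expiry.

    threshold is an assumed cut-off (one hour) for flagging an entry as urgent.
    """
    rows = sorted(expiry_warnings(log_text).items(), key=lambda kv: kv[1])
    return [(dn, secs, human(secs), secs <= threshold) for dn, secs in rows]

if __name__ == "__main__":
    for dn, secs, pretty, urgent in report(SAMPLE_LOG):
        print(f"{'URGENT' if urgent else 'ok':6} {pretty:>12}  {dn}")
```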