-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
shadowExpire shadowLastChange shadowMin shadowMax
to make the account expired (OpenLDAP used to run NT domain), but when I ssh to a server using pam_ldap authentication, it is still allowed to login.
This look to be a question where the user does not know what is responsible for the issue he is seeing, but does relate to his attempt to use OpenLDAP. He is correct in asking here, and helpfully pointing him in the correct direction is the right course of action, rather than saying "you are wrong to ask this here". This problem may have been to him related to missing elements from his user objects (which would have been openldap) or it was anything else.
Also you said
As a reminder - the OpenLDAP-technical list is for the discussion of actual OpenLDAP software, as well as how to make other software interoperate with it. Questions that are purely about how to use 3rd party software "foo" work at all do not belong on this list.
This counts as "other software interoperate with it." from where I am sitting. I have seen many questions like this, and I think it should be something we answer and point people in the correct direction of rather than saying "you'll get no help here"
So instead of going to a doctor to be referred to a specialist, you will go straight to a specialist without knowing what your problem is? makes complete sense.
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
William Brown
pgp.mit.edu