pam_ldap is not OpenLDAP software and is generally off-topic for this list. Furthermore, pam_ldap is obsolete and no longer supported by its original author; you should be using nslcd or nssov.
PRAJITH wrote:
Hi,
When users with an expired account try to log into PAM (SSH, su, etc.) there is no warning displayed that the account is expired. The user is also allowed to login normally. In the slapd logging, the following message is displayed:
Mar 18 12:46:25 sip slapd[11790]: ppolicy_bind: Entry uid=prajith,ou=people,dc=XXX,dc=XX has an expired password: 0 grace logins
In auth log
###
Mar 18 23:43:37 chiron-desktop-linux2 login[7411]: pam_unix(login:auth): authentication failure; logname=root uid=0 euid=0 tty=/dev/pts/0 ruser= rhost= user=prajith
Mar 18 23:43:41 chiron-desktop-linux2 login[7411]: pam_unix(login:session): session opened for user prajith by root(uid=0)
###
here is my ldap.conf
########
base dc=XXX,dc=XX
uri ldap://XX.XX.XX
ldap_version 3
pam_lookup_policy yes
pam_password md5
pam_password exop
nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,clamav,colord,daemon,dansguardian,dnsmasq,festival,games,gnats,guest-yRzqOV,hplip,imspector,irc,kernoops,libuuid,libvirt-dnsmasq,libvirt-qemu,lightdm,list,lp,mail,man,messagebus,mysql,news,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,statd,swift,sync,sys,syslog,usbmux,uucp,whoopsie,www-data
#######
Best Regards,
Prajith
http://prajith.in