Konstantin Boyandin wrote:
Hello,
Could someone direct me to the source of wisdom to solve this: I have set correctly the fields (attributes)
shadowExpire shadowLastChange shadowMin shadowMax
to make the account expired (OpenLDAP used to run NT domain), but when I ssh to a server using pam_ldap authentication, it is still allowed to login.
How pam_ldap should be instructed to take the expiration attributes ito account?
Ask on a pam_ldap mailing list. pam_ldap is not a piece of OpenLDAP software, your question is off topic here.