We have opnldap (Version: 2.4.31-1ubuntu2.1) setup on our ubuntu server. Just migrated over from an older server and are getting this message for a user:
Our users can login to webmail to send and receive mail, and other stuff like that, they can download pop3 mail via desktop client, but when they go to send out, or su to that user we get messages like this:
auth: pam_unix(dovecot:account): account has expired (account expired) Sep 3 19:05:03 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=XXXX rhost=::1 user=XXXX
I changed the password with ldappasswd successfully, but still the error persists. Doing some research it seems that shadowLastChange is not getting updated.
How can we resolve this?
/usr/share/slapd/slapd.conf
access to attrs=userPassword,shadowLastChange by dn="@ADMIN@" write by anonymous auth by self write by * none access to dn.base="" by * read
# The admin dn has full write access, everyone else # can read everything. access to * by dn="@ADMIN@" write by * read
Package: slapd Status: install ok installed Priority: optional Section: net Installed-Size: 4101 Maintainer: Ubuntu Developers ubuntu-devel-discuss@lists.ubuntu.com Architecture: amd64 Source: openldap Version: 2.4.31-1ubuntu2.1 Replaces: ldap-utils (<< 2.2.23-3), libldap2 Provides: ldap-server, libslapi-2.4-2 Depends: libc6 (>= 2.15), libdb5.1, libldap-2.4-2 (= 2.4.31-1ubuntu2.1), libltdl7 (>= 2.4.2), libodbc1 (>= 2.2.11) | unixodbc (>= 2.2.11), libperl5.14 (>= 5.14.2), libsasl2-2 (>= 2.1.24), libslp1, libwrap0 (>= 7.6-4~), coreutils (>= 4.5.1-1), psmisc, perl (>> 5.8.0) | libmime-base64-perl, adduser, lsb-base (>= 3.2-13) Pre-Depends: debconf (>= 0.5) | debconf-2.0, multiarch-support Recommends: libsasl2-modules Suggests: ldap-utils, ufw Conflicts: ldap-server, libltdl3 (= 1.5.4-1), umich-ldapd Conffiles: