Re-posting minus the garbage....
Debugging this issue has caused me a bit of confusion. In the LDAP logs, when logging into other equipment that 'binds as user', I see warnings, etc. returned:
ppolicy_bind: Setting warning for password expiry for uid=test_user,ou=people,o=theorg,dc=example,dc=net = 1251 secds
BUT, since the Linux LDAP client has a separate 'binddn', I don't see these warnings when the Linux LDAP client does the ldapsearch to validate the user. How does the policy work in this situation?
Am I missing something here?
Hello,
have a look at 'man pam_ldap':
<snip>
> pam_lookup_policy <yes|no>
>     Specifies whether to search the root DSE for password policy. The default is "no".
<snap>
Did you set that to yes on your clients in /etc/ldap.conf or whatever it is called on RHEL5?
Regards, Christian Manal
Thanks for the response, Christian.
Yes, I have the following in my clients' /etc/ldap.conf:
host ldap_svc
binddn cn=simpleBind,o=theorg,dc=example,dc=net
bindpw simpleBind
bind_timelimit 3
base o=theorg,dc=example,dc=net
sudoers_base ou=sudoers,o=theorg,dc=example,dc=net
timelimit 7
idle_timelimit 3600
nss_base_passwd ou=people,o=theorg,dc=example,dc=net?one
nss_base_shadow ou=people,o=theorg,dc=example,dc=net?one
nss_base_group ou=groups,o=theorg,dc=example,dc=net?one
nss_reconnect_tries 3
nss_initgroups_ignoreusers root,ldap,named,haldaemon,radiusd,linux_admin
pam_password md5
pam_groupdn cn=level_3,ou=host_ssh_access,o=theorg,dc=example,dc=net
pam_member_attribute uniqueMember
pam_lookup_policy yes
Thanks, Joe