You probably don't have the slapd ACLs configured so clients can read the necessary shadow fields... particularly those governing password age (e.g., shadowLastChange, shadowMax).

On Tue, Jul 28, 2009 at 5:52 AM, <mlb@imparisystems.com> wrote:
I've got openLDAP running and installed the pam and nss libraries so it
would also control the Linux passwords. I'm trying to sign onto my server
using ssh - but once I enter my username and password, I get

WARNING: Your password has expired.
You must change your password now and login again!
Enter login(LDAP) password:

Now being a bad security person, I always use the exact same username /
password combination and they don't work.

If a use either nothing (just hit Enter) or if I put in the standard
password I get

passwd: Authentication information cannot be recovered
passwd: password unchanged
Connection to ubuntu closed.

If I enter in some nonsensical string I get

LDAP Password incorrect: try again
Enter login(LDAP) password:


However, that is the only root level user on the machine and I have TONS of
stuff on it. How do I fix? Is this an openLDAP issue or something else?

Thanks