Indexer wrote:
shadowExpire shadowLastChange shadowMin shadowMax
to make the account expired (OpenLDAP used to run NT domain), but when I ssh to a server using pam_ldap authentication, it is still allowed to login.
This looks to be a question where the user does not know what is responsible for the issue he is seeing, but does relate to his attempt to use OpenLDAP. He is correct in asking here, and helpfully pointing him in the correct direction is the right course of action, rather than saying "you are wrong to ask this here". This problem may have been to him related to missing elements from his user objects (which would have been OpenLDAP) or it was anything else.
Pointing him to pam_ldap was the correct action.
Also you said
As a reminder - the OpenLDAP-technical list is for the discussion of actual OpenLDAP software, as well as how to make other software interoperate with it. Questions that are purely about how to use 3rd party software "foo" work at all do not belong on this list.
This counts as "other software interoperate with it." from where I am sitting. I have seen many questions like this, and I think it should be something we answer and point people in the correct direction of rather than saying "you'll get no help here".
So instead of going to a doctor to be referred to a specialist, you will go straight to a specialist without knowing what your problem is? Makes complete sense.
It was obvious that he was not asking "why doesn't my pam_ldap talk to my OpenLDAP server."
Missing elements from the user objects is a *data* problem, it is not an interoperability problem. He would have the same issue whether the server was OpenLDAP, Oracle, or M$AD. It has nothing to do with OpenLDAP, and a careful reader would have known all of this. If you're not reading carefully, you should not be responding to the posts.