I have used OpenLDAP for years, but bound to Samba, using mostly Samba-aware tools (LAM and smbldap-tools) for user management, and using the Samba account policy.
Now I need to set up a 'pure' UNIX environment on a Debian box; I've enabled shadow data in the account, but found that some very simple things (like locking an account, AKA 'passwd -l') simply do not work.
Also, there's no info on whether an account is locked (e.g., the password starts with '!'), because the info is 'embedded' in the same password data, and so (obviously) protected.
Most of these things are not OpenLDAP's fault, but I really don't know where else to ask...
But is there some way to get around some of these limitations? E.g., is there some way (via an overlay?) to "compute" the field 'shadowLocked = yes' if userPassword starts with an '!', and expose that via an ACL?
I've tried to search for some examples, but found nothing.
Thanks.