Re: LDAP and PAM: account is expired, but pam_ldap allows authentification

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Infact, it wouldn't matter if the backend was M$AD or not. You can still use the OpenLDAP client libraries to talk to AD. It is still thusly, an OpenLDAP related question, where the user does not know where to look from here, and they personally did not know, it was NOT the fault of OpenLDAP or pam_ldap but rather of nsswitch. The fact of the matter, is that not everyone knows everything, or they may have missed something in research etc. It is hard to find a man page, if you don't know what you are looking for. Google also is not perfect. This person did not know about nsswitch and its requirement, merely believing that the key parts of this issue were either OpenLDAP or pam_ldap. We have more experience to know this is not the case. He did not. He asked where he though the most experience would be - here and rightly so as well, since we were able to tell him "look at nsswitch, rather than OpenLDAP or pam_ldap". This comes down far more to what he was asking about (and his limited experience), and your perception of it, rather than "what is allowed and what is not". William Brown pgp.mit.edu