Hi,
I have LDAP clients on two different OS platforms, Solaris and Linux. When "shadowExpire" for a specific user is set, the Linux client sees the change and denies logon for the user, which is what I'm trying to implement. But this behaviour doesn't work in my Solaris client. It seems like it doesn't respect the rest of the shadow attributes on the LDAP server. I've been scratching my head for days now, but doing so hasn't helped me figure out what the problem or reason is.
Could anyone shed some light on this?
Can you show the output of the ldapclient list command and the LDIF files you used to add the Solaris client to the LDAP server?
On Thu, Feb 9, 2012 at 8:32 PM, curious penguin pepe.the.bofh@gmail.com wrote:
Hi,
I have LDAP clients on two different OS platforms, Solaris and Linux. When "shadowExpire" for a specific user is set, the Linux client sees the change and denies logon for the user, which is what I'm trying to implement. But this behaviour doesn't work in my Solaris client. It seems like it doesn't respect the rest of the shadow attributes on the LDAP server. I've been scratching my head for days now, but doing so hasn't helped me figure out what the problem or reason is.
Could anyone shed some light on this?
root@solaris:~# ldapclient list
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=Dummy
NS_LDAP_BINDPASSWD= {NS1}3df552e9d230
NS_LDAP_SERVERS= 10.208.55.126
NS_LDAP_SEARCH_BASEDN= dc=mydomain,dc=org
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_SCOPE= sub
NS_LDAP_CACHETTL= 0
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=mydomain,dc=org?sub
NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=mydomain,dc=org?sub
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=People,dc=mydomain,dc=org?sub
NS_LDAP_SERVICE_AUTH_METHOD= pam_ldap:simple
ldif sample:

dn: uid=pepe,ou=People,dc=mydomain,dc=org
uid: pepe
cn: Pepe Longstocking
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$6$KrdeSmkx$xvFUO40DKcq1GkJ00000tAGS0oBuWBAAAAAAvxrl1
shadowLastChange: 15358
shadowMax: 35
shadowWarning: 35
loginShell: /bin/ksh
uidNumber: 215
gidNumber: 212
homeDirectory: /home/pepe
gecos: Pepe Longstocking
On Fri, Feb 10, 2012 at 11:15 AM, NetNinja 2bitninja@gmail.com wrote:
Can you show the output of the ldapclient list command and the LDIF files you used to add the Solaris client to the LDAP server?
openldap-technical@openldap.org
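An added example, not part of the thread or of any client's own code: it evaluates the shadow attributes of an entry under the shadow(5) day-count rules (days since 1970-01-01), so the state an enforcing client should report on a given date can be checked independently of either client. The `shadowExpire` value in the sample is constructed (the posted LDIF has none), and the function names are hypothetical.

```python
from datetime import date

# Constructed sample: the shadow attributes from the posted entry, plus a
# shadowExpire value added here for illustration (the posted LDIF has none).
SAMPLE_LDIF = """\
dn: uid=pepe,ou=People,dc=mydomain,dc=org
uid: pepe
objectClass: posixAccount
objectClass: shadowAccount
shadowLastChange: 15358
shadowMax: 35
shadowWarning: 35
shadowExpire: 15380
"""

def parse_shadow(ldif):
    """Collect integer shadow* attributes from one LDIF entry (no folding/base64)."""
    attrs = {}
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.startswith("shadow") and not value.startswith(":"):
            attrs[name] = int(value.strip())
    return attrs

def days_since_epoch(day):
    """Convert a calendar date to the day count used by the shadow attributes."""
    return (day - date(1970, 1, 1)).days

def evaluate(attrs, today):
    """Return the account states implied by the shadow attributes on `today`."""
    now = days_since_epoch(today)
    states = []
    expire = attrs.get("shadowExpire", -1)
    if expire >= 0 and now >= expire:      # absent or -1 means never expires
        states.append("account_expired")
    last, maxage = attrs.get("shadowLastChange", -1), attrs.get("shadowMax", -1)
    if last > 0 and maxage >= 0:           # 0 means "change at next login"
        age = now - last
        warn = attrs.get("shadowWarning", -1)
        if age > maxage:
            states.append("password_expired")
        elif warn >= 0 and age > maxage - warn:
            states.append("password_warning")
    return states or ["ok"]

if __name__ == "__main__":
    print(evaluate(parse_shadow(SAMPLE_LDIF), date.today()))
```

Comparing this result with what each client actually does at login shows which attributes that client's account-management path enforces.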