I'm a bit (ab)used of OpenLDAP, but with the samba schema added (and using winbind), and now on Samba/AD mode and their internal LDAP server.
For both there's some way to lock the account, or to set account expiration, and they are enforced (by winbind). Now i have to manage a 'plain' LDAP server with only posixAccount schema, and i've some trouble; for example: 1) i can lock account on LAM, but a 'passwd -l <user>' does not work; also, there's no way to have an LDAP query that return the locked (or unlocked) account. 2) i can setup 'shadowAccount' schema, but get used only by 'shadow enabled' things, like nslcd; if i simply bind to LDAP (eg, via PHP for example), there's no shadow enforcing. There's some hint for these? Thanks. -- Fino a quando il colore della pelle sarà più importante del colore degli occhi, sarà sempre guerra. (Bob Marley) _______________________________________________ Lam-public mailing list Lam-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lam-public
