I have been trying and trying to get SLES8's OpenLDAP server and clients to work and have users authenticate via this Directory service. I have been very successful in the configuration and the authenticating part. However, the use of the shadow attributes, mainly lastShadowChange, seem to give me the greatest pains. Forcing a user to change his or her password results in some very interesting results all of which do not include the successful changing of the password and / or the update of the lastShadowChange attribute.
When testing this on my x86 install of RedHat 9 I was able to get all of the features to work first time through. This leads me to believe that SuSE has done something in the pam layer or to the LDAP build itself. Or perhaps I simply missed something in the SLES8 config that RedHat's authconfig utility took care of in the RedHat install. Does anyone have user authentication working using only OpenLDAP on SLES8? By working I mean all required features, password expiration, force password change features, etc. . . Thanks! Eric Sammons (804)697-3925 FRIT - Unix Systems
