On Fri, Sep 23, 2011 at 12:19:17PM +0200, Simone Piccardi wrote: > On 22/09/2011 16:10, Christopher Wood wrote: > >Debian/Ubuntu: install nslcd, libnss-ldapd, libpam-ldapd, configure your > >/etc/nslcd.conf, and ensure you have "compat ldap" as lookups listed in > >/etc/nsswitch.conf for passwd, group, shadow. (I figure on the whole > >nss-pam-ldapd arrangement for CentOS6 too, but I haven't gotten that far > >yet.) > > This, at least for Debian Stable and Ubuntu LTS has an important > shortcoming, it does not update shadowLastChange on password change. > So if you set a password expiration they will stay expired forever.
This depends where passwords are maintained. Certainly in your case it sounds like the authoritative password copy is maintained in the directory. > It can be made working with a patched smbk5pwd overlay in the > openldap server, but that's not present in Debian or Ubuntu. > > Simone > -- > Simone Piccardi Truelite Srl > [email protected] (email/jabber) Via Monferrato, 6 > Tel. +39-347-1032433 50142 Firenze > http://www.truelite.it Tel. +39-055-7879597 Fax. +39-055-7333336 > >
