Hi Cris,

On 27/03/12 00:46, Collins, Cris L. wrote:
> I am running OpenLDAP as packaged for CentOS 5 and having problems with
> password expiration.
> Users are being told every time they login that their password has expired
> and to change their password. When ShadowMax is changed to 99999 their
> passwords are not expiring. The preferable setting is 90 days.
> ShadowLastChange is updating to the correct date when they input a new
> password. Thank you for your time and input as to why this might be
> occurring.

Shadow attributes are used by UNIX systems during authentication, depending on your system configuration (PAM, pam_ldap, login.defs...)

However, the OpenLDAP server itself will not use these attributes to prevent binds by LDAP, which is what I understand you expect. For this, check out the ppolicy overlay.

Jonathan

--
Jonathan Clarke - [email protected]
Ldap Synchronization Connector (LSC) - http://lsc-project.org
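
A minimal ppolicy setup for the 90-day expiry asked about above, added here as an illustration and not part of the original message. The suffix dc=example,dc=com, the policy DN, the schema path and the 14-day warning are assumptions.

```ldif
# slapd.conf lines for the database section, shown as comments.
# The schema path is an assumed packaging default; moduleload is only
# needed when ppolicy is built as a loadable module.
#   include         /etc/openldap/schema/ppolicy.schema
#   moduleload      ppolicy.la
#   overlay         ppolicy
#   ppolicy_default "cn=default,ou=policies,dc=example,dc=com"

# Container for policy entries (assumed DN)
dn: ou=policies,dc=example,dc=com
objectClass: organizationalUnit
ou: policies

# Default policy, applied to entries without their own pwdPolicySubentry
dn: cn=default,ou=policies,dc=example,dc=com
objectClass: device
objectClass: pwdPolicy
cn: default
pwdAttribute: userPassword
# 90 days, in seconds (90 * 86400)
pwdMaxAge: 7776000
# Start warning 14 days before expiry, in seconds (assumed value)
pwdExpireWarning: 1209600
# No grace binds after expiry: the server rejects an expired password
pwdGraceAuthNLimit: 0
```

Unlike shadowMax, pwdMaxAge is evaluated by slapd at bind time against the operational attribute pwdChangedTime. Entries whose password was last set before the overlay was enabled have no pwdChangedTime and do not expire until the password is changed again.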
