On Fri, May 09, 2025 at 09:56:17AM +0000, Windl, Ulrich wrote: > Ondřej, > > from what I remember is that password expiry worked well, BUT users > were not warned about the password expiring (they claimed) unless that > information was provided via the shadow attribute. Maybe that's due to > the fact that we use a mixture of local users and LDAP users > typically. Obviously both need some common interface....
Hi Ulrich, policy objectclass allows the pwdExpireWarning attribute which will result in the client being notified if they understand ppolicy (i.e. they sent the ppolicy control with their request). Are you sure you have it set? Regards, -- Ondřej Kuzník Senior Software Engineer Symas Corporation http://www.symas.com Packaged, certified, and supported LDAP solutions powered by OpenLDAP
