It's strange if I set ldap_chpass_update_last_change = true
You can change the password and shadowLastChange get's updated but you don't get password expiry warnings or account lockouts. If you set ldap_pwd_policy = shadow and ldap_chpass_update_last_change = true or ldap_pwd_policy = shadow ldap_chpass_update_last_change = false The user can't change their password but I don't get password expiry warning and account lockouts. On Wed, Jan 28, 2015 at 4:30 PM, Michael Ströder <[email protected]> wrote: > Stephen Johnson wrote: > > I'm running SSSD 1.8.6-0ubuntu0.3 on Ubuntu 12.04 and I've hit this bug > > https://bugs.launchpad.net/debian/+source/sssd/+bug/1415545, basically > if > > you set ldap_pwd_policy=shadow and you don't have the ppolicy overlay on > > your ldap server it breaks changing passwords. > > Hmm, OpenLDAP's slapo-ppolicy and using shadowAccount attributes have > nothing > to do with each other. So I suspect that things got confused in the above > mentioned bug report. > > Ciao, Michael. > > > _______________________________________________ > sssd-users mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/sssd-users > >
_______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
