RSS feed

Re: problems with nslcd

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: problems with nslcd


What are you using to expire accounts?  The ppolicy overlay, manual expiry, 
etc?  With respect to ppolicy, which I
myself use, yes, there is an issue that prevents ppolicy-based account expiry 
warnings from being displayed on the
clients.  Specifically, there is no support in the nss-pam-ldapd packages 
(nslcd included) for sending ppolicy controls
with the bind requests, which means that OpenLDAP will not respond with the 
pwdExpireWarning message.  See this thread
for additional details on that issue:

I'm not sure what mechanism you're using, though, and your original question 
lacks a lot of the technical details of
your implementation.  Could you please give us a bit more detailed description 
of your setup, and any relevant
observations (including log messages) that you have made that might be of use 
when analyzing your issue?


Patrick Hornecker wrote:
> hi all,
> i have recently installed nslcd on a few computers in my network. after
> installing the package (newest version from ubuntu 10.04 repository)
> there are several expired ldap accounts, which still can login and don't
> get a warning message or anything else like that. the network consists
> of computers with ubuntu 8.04 and 10.04 and an ldap account managment
> system.
> are there any known bugs, or solutions to this problem? i haven't found
> anything using google!
> regards 
> patrick
> ------------------------------------------------------------------------
> --
> To unsubscribe send an email to
> or see
To unsubscribe send an email to or see