RSS feed

Re: Re: problems with nslcd

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: Re: problems with nslcd

Hi Ryan,

thanks for your respones. I'll try to give you a better description of my problems.

To expire accounts we're using the ldap "shadowExpire" value. We're using one central OpenLDAP server, to which the clients are connecting on login. The clients are running either Ubuntu 8.04 or 10.04. Installed packages on the clients are autofs-ldap, ldap-utils, libnss-ldap, nfs-common, nss-updatedb and nscd. All packages have been installed from the ubuntu package repositories.

 Due to some problems with switching to the superuser (simply using the 'su'-command, typing the password and then becoming root wasn't working on some computers anymore) I found a fix which said I should also install the nslcd package from the ubuntu repository, which fixed the su issue. 

Since then the problem with the expired accounts occured. 

server1 su[20732]: Successful su for AAA by BBB
server1 su[20732]: + /dev/pts/2 BBB:AAA
server1 su[20732]: pam_unix(su:session): session opened for user AAA by BBBB(uid=1234)


URI     ldaps://
TLS_CACERT /etc/ssl/certs/ldap.pem


# The user and group nslcd should run as.
uid nslcd
gid nslcd

# The location at which the LDAP server(s) should be reachable.
uri ldaps://

# The search base that will be used for all queries.
base dc=search,dc=base,dc=com #replaced the original base

# The LDAP protocol version to use.
#ldap_version 3

# The DN to bind with for normal lookups.
#binddn cn=annonymous,dc=example,dc=net
#bindpw secret

# SSL options
#ssl off
tls_reqcert never

If you are missing any information, don't hestitate to write me an email.

To unsubscribe send an email to or see