nslcd doesn't handle timeBeforeExpiration(ppolicy)

Solution Unverified - Updated -

Issue

  • nslcd doesn't handle timeBeforeExpiration(ppolicy)

ssh login doesn't show a password expiration warning (pwdExpireWarning).

[root@CLIENT /]# ldapsearch -LLL -D uid=testuser,ou=People,dc=example,dc=com -h SERVER -w password -b cn=default,ou=policies,dc=example,dc=com
dn: cn=default,ou=policies,dc=example,dc=com
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: default
pwdAttribute: userPassword
pwdLockout: TRUE
pwdLockoutDuration: 120
pwdMaxFailure: 5
pwdFailureCountInterval: 300
pwdMustChange: TRUE
pwdMaxAge: 864030
pwdExpireWarning: 864000
pwdGraceAuthNLimit: 0
pwdSafeModify: FALSE

[root@CLIENT /]# ldapsearch -LLL -D uid=testuser,ou=People,dc=example,dc=com -h SERVER -w password  "cn=testuser" -e ppolicy
ldap_bind: Success (0) (Password expires in 863967 seconds)
dn: uid=testuser,ou=People,dc=example,dc=com
...

[root@CLIENT /]# ssh testuser@localhost
testuser@localhost's password: 
Last login: Fri May 10 17:26:36 2019 from localhost
[testuser@CLIENT ~]$

Environment

  • Red Hat Enterprise Linux 7
  • nss-pam-ldapd

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content