nslcd doesn't handle timeBeforeExpiration(ppolicy)
Issue
- nslcd doesn't handle timeBeforeExpiration(ppolicy)
ssh login doesn't show a password expiration warning (pwdExpireWarning).
[root@CLIENT /]# ldapsearch -LLL -D uid=testuser,ou=People,dc=example,dc=com -h SERVER -w password -b cn=default,ou=policies,dc=example,dc=com
dn: cn=default,ou=policies,dc=example,dc=com
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: default
pwdAttribute: userPassword
pwdLockout: TRUE
pwdLockoutDuration: 120
pwdMaxFailure: 5
pwdFailureCountInterval: 300
pwdMustChange: TRUE
pwdMaxAge: 864030
pwdExpireWarning: 864000
pwdGraceAuthNLimit: 0
pwdSafeModify: FALSE
[root@CLIENT /]# ldapsearch -LLL -D uid=testuser,ou=People,dc=example,dc=com -h SERVER -w password "cn=testuser" -e ppolicy
ldap_bind: Success (0) (Password expires in 863967 seconds)
dn: uid=testuser,ou=People,dc=example,dc=com
...
[root@CLIENT /]# ssh testuser@localhost
testuser@localhost's password:
Last login: Fri May 10 17:26:36 2019 from localhost
[testuser@CLIENT ~]$
Environment
- Red Hat Enterprise Linux 7
- nss-pam-ldapd
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.