[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: pwdRESET not working





Le 21/05/2018 à 17:10, Net Warrior a écrit :
Hello
When I force the expiration changing pwdMaxAge what I can see in the
log is the following:

  ppolicy_bind: Entry uid=jdoe,ou=Users,dc=domain,dc=com has an expired
password: 0 grace logins

I test the login, I get two warning as configured but the user is
never  forced to change it and can login as usual, any hint on this?


Seems you are mixing OpenLDAP ppolicy and shadow policy.

Anyway, if the OpenLDAP ppolicy has expired the password, you should not be able to log in, unless you set some cache or failback on local account.


You should test with ldapsearch or ldapwhoami command to understand the behavior of OpenLDAP ppolicy. Then you can configure pam/sssd to fit your needs.

--
Clément Oudot | Identity Solutions Manager

Worteks | https://www.worteks.com