LDAP (POSIX attributes) password expiry
up at 3.am
Wed Feb 29 02:04:54 CET 2012
> up at 3.am wrote:
>> However, we just noticed that password expiry isn't working. I suspect this is
>> because we are still using all the original POSIX attributes and none of them
>> look like good for mapping to the ones supplied by FreeRADIUS. I see:
>>
>> checkItem Expiration radiusExpiration
>
> Did you check that the LDAP module is returning this attribute for the
> query?
No, I don't expect it to, since I don't have that attribute or anything that looks
like it might be a good substitute.
> Did you check that Expiration works if you put it into the "users" file?
I'm not worried about that...expiry worked with the old rlm_pam using Unix expiry.
When exporting Unix to LDAP, the expiry data was exported from /etc/shadow to the
two LDAP attributes mentioned. I was hoping that perhaps there was a module that
could calculate between the two and figure out that the password was expired and
take it from there. I figured it a long shot but worth asking.
Thanks!