LDAP (POSIX attibutes) password expiry
Alan DeKok
aland at deployingradius.com
Wed Feb 29 10:49:06 CET 2012
up at 3.am wrote:
>>> checkItem Expiration radiusExpiration
>> Did you check that the LDAP module is returning this attribute for the
>> query?
>
> No, I don't expect it to, since I don't have that attribute or anything that looks
> like it might be a good substitute.
So... why would you ever expect that expiration will work?
>> Did you check that Expiration works if you put it into the "users" file?
>
> I'm not worried about that...expiry worked with the old rlm_pam using Unix expiry.
I see. You ask for help, and you ignore the response.
If you do this again, you will be unsubscribed and banned.
> When exporting Unix to LDAP, the expiry data was exported from /etc/shadow to the
> two LDAP attributes mentioned. I was hoping that perhaps there was a module that
> could calculate between the two and figure out that the password was expired and
> take it from there. I figured it a long shot but worth asking.
Was there documentation saying that such a module existed?
Alan DeKok.
More information about the Freeradius-Users
mailing list