> I've configured a RHEL3 as LDAP client to my FedoraDS 1.0.2 on RHEL4. > When I login via ssh with an LDAP account on the ldapclient I immediately get > You are required to change your password immediately (password aged) > Your password has expired, the session cannot proceed. > You must change your password now and login again! > > After that I change the password and login again and I get the same error again. > Any idea what's causing this? Is it an ACL that's preventing some > attributes to be updates? Which attributes? If I just for testing > delete these attributes I should get rid of this message, shouldn't I? Assuming you're using shadowAccount attributes for your password expiry, you are seeing just what I saw until "write for self" access was given to users to up the shadowLastChange attribute. Here's how I fixed it in admin console. In Directory tab, select root domain Right click and select "Set Access Permissions" Select "Enable self-write for common attributes" and click on Edit After "userPassword", insert "|| shadowLastChange " and click on OK and again on OK on the parent window. -- - Kyle --------------------------------------------- kylet at panix.com http://www.panix.com/~kylet ---------------------------------------------
