I'm trying to migrate my organization of FDS, but policy requires a 90 day password expiration, and pam_ldap modules aren't forcing password changes even after the password expired. I saw in a thread back from 2011 that somebody was having an issue where setting passwordExpirationTime to 19700101000000Z would force a change, but 19700101000001Z wouldn't. Well... even setting to 19700101000000Z
doesn't work for me.

intdns1-01-lv:~ mpatenaude$ luser mitchtest2
dn: uid=mitchtest2,ou=People,dc=prod,dc=shutterfly,dc=com
passwordExpirationTime: 19700101000000Z
loginShell: /bin/bash
uid: mitchtest2
cn: Mitch Test2
givenName: Mitch
sn: Test2
mail: mitchtest2@xxxxxxxxxxxxxx
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: ldapPublicKey
uidNumber: 5134
gidNumber: 5134
homeDirectory: /home/mitchtest2
gecos: Mitch Test2

But it lets that account log in without prompting for a password change.

Any ideas?
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx