Hi all;
I've done my best to find a solution on my own, but I haven't found
the help I'm looking for. I'm hoping I can get this easily resolved
by throwing this out to the community.
After creating the user with the below schema, the system ALWAYS
prompts the user to change his/her password at any login (local or
remote)... at every login attempt. I can see that 'shadowLastChange'
is updated properly, but somehow this is making no difference. I've
found that if I set 'shadowMax' to '99999', I don't get this
behaviour - however, that isn't really a password policy. I need the
90 password update policy in place to deploy my OpenLDAP system.
I want the system to bug the user about requiring a password change
IF the password is really aged and within the 'shadowWarning' threshold.
Am I missing attributes? How can I get my desired password policy to
work?
Please help!! Much Appreciated!
-Rafael.
Below is the schema I'm using for our users:
###
dn: uid=testuser,ou=Sys Eng,dc=xxx,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
sn: User
cn: Test User
title: Test Engineer
telephoneNumber: (111) 111-1111
street: 1111 Hope St
postalCode: 99999
physicalDeliveryOfficeName: Utopia
ou: Sys Eng
st: CA
l: Utopia
displayName: Test User
employeeType: DIRECT
givenName: Test
jpegPhoto: ~
mail: testuser@...
manager: cn=Test Manager,ou=Users,ou=Utopia,ou=Sites,dc=xxx,dc=com
mobile: (111) 111-1111
uid: testuser
userPassword:: e01ENX1DWTlyelVZaDAzUEszazZESmllMDlnPT0=
loginShell: /bin/bash
uidNumber: 502
gidNumber: 100
homeDirectory: /home/testuser
gecos: Test User
shadowLastChange: 1
shadowMax: 90
shadowMin: 14
shadowWarning: 14
description: test user
###
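How the shadow aging attributes in the entry above combine, as an added example that is not part of the original post: a simplified model of the shadow(5) day-count semantics (values are days since 1970-01-01), not the code of any particular PAM or NSS module. The function names, the evaluation date and the exact boundary comparisons are assumptions made for illustration.

```python
from datetime import date

EPOCH = date(1970, 1, 1)

# Shadow attributes as they appear in the entry above.
ENTRY = """\
objectClass: shadowAccount
shadowLastChange: 1
shadowMax: 90
shadowMin: 14
shadowWarning: 14
"""

def parse_shadow_attrs(ldif):
    """Collect the integer shadow* attributes from an LDIF entry."""
    attrs = {}
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.startswith("shadow") and value.strip().lstrip("-").isdigit():
            attrs[name] = int(value)
    return attrs

def aging_state(attrs, today):
    """Return (state, days_left); state is 'ok', 'warn' or 'change_required'."""
    now = (today - EPOCH).days              # shadow fields count days, not seconds
    last = attrs.get("shadowLastChange")
    max_age = attrs.get("shadowMax")
    warn = attrs.get("shadowWarning", 0)
    if last == 0:                           # 0 means "change at next login"
        return ("change_required", 0)
    if last is None or max_age is None or max_age < 0:
        return ("ok", None)                 # aging not enforced
    days_left = last + max_age - now        # negative once the maximum age has passed
    if days_left < 0:
        return ("change_required", days_left)
    if days_left <= warn:
        return ("warn", days_left)
    return ("ok", days_left)

if __name__ == "__main__":
    attrs = parse_shadow_attrs(ENTRY)
    today = date(2024, 1, 15)               # constructed evaluation date
    print(attrs, aging_state(attrs, today))
    # Same policy with a constructed, recent shadowLastChange for comparison.
    print(aging_state({**attrs, "shadowLastChange": 19700}, today))
```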