Software
 » 
LDAP
 » 
PADL Lists
 » 
PAM LDAP

shadow attributes not respected

View: New views
1 Messages — Rating Filter:   Alert me  

shadow attributes not respected

by Rafael A Barrero :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Spam detection software, running on the system "au.padl.com", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or block
similar future email.  If you have any questions, see
the administrator of that system for details.

Content preview:  Spam detection software, running on the system
  "au.padl.com", has identified this incoming email as possible spam. The
  original message has been attached to this so you can view it (if it
  isn't spam) or block similar future email. If you have any questions,
  see the administrator of that system for details. [...]

Content analysis details:   (6.0 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                [Blocked - see <http://www.spamcop.net/bl.shtml?206.190.75.8>]
 2.8 RCVD_IN_SORBS_WEB      RBL: SORBS: sender is a abuseable web server
                            [206.190.75.8 listed in dnsbl.sorbs.net]
 0.1 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS
                            [206.190.75.8 listed in dnsbl.sorbs.net]
 0.8 PRIORITY_NO_NAME       Message has priority setting, but no X-Mailer

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.


Spam detection software, running on the system "au.padl.com", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or block
similar future email.  If you have any questions, see
the administrator of that system for details.

Content preview:  Hi all; Setting up users with the schema below, I've
  not been able to get the shadow attribute to behave as one would
  expect. After looking at the source code for pam_ldap, it appears that
  everything is measured in days, not seconds... [...]

Content analysis details:   (6.0 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                [Blocked - see <http://www.spamcop.net/bl.shtml?206.190.75.8>]
 2.8 RCVD_IN_SORBS_WEB      RBL: SORBS: sender is a abuseable web server
                            [206.190.75.8 listed in dnsbl.sorbs.net]
 0.1 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS
                            [206.190.75.8 listed in dnsbl.sorbs.net]
 0.8 PRIORITY_NO_NAME       Message has priority setting, but no X-Mailer



Hi all;

Setting up users with the schema below, I've not been able to get the
shadow attribute to behave as one would expect. After looking at the
source code for pam_ldap, it appears that everything is measured in days,
not seconds...

However, using the below values, it continually asks for a new password at
every login and the shadow warning does not show properly within the 14
day range I've set.

I've tested using seconds for the values, and that at least stops it from
asking me every time I login, but I'm afraid that's not working perfectly
either.

I have tested these procedures by modifying the system clock, modifying
the attributes... everything to try and simulate a real-life situation.

Can someone please help me figure out how to properly implement the shadow
attributes? What am I missing? Should I be using a 3rd party schema?

Thanks,

Rafael.

Below is the schema I'm using for our users:

###
dn: uid=testuser,ou=Sys Eng,dc=xxx,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
sn: User
cn: Test User
title: Test Engineer
telephoneNumber: (111) 111-1111
street: 1111 Hope St
postalCode: 99999
physicalDeliveryOfficeName: Utopia
ou: Sys Eng
st: CA
l: Utopia
displayName: Test User
employeeType: DIRECT
givenName: Test
jpegPhoto: ~
mail: testuser@...
manager: cn=Test Manager,ou=Users,ou=Utopia,ou=Sites,dc=xxx,dc=com
mobile: (111) 111-1111
uid: testuser
userPassword:: e01ENX1DWTlyelVZaDAzUEszazZESmllMDlnPT0=
loginShell: /bin/bash
uidNumber: 502
gidNumber: 100
homeDirectory: /home/testuser
gecos: Test User
shadowLastChange: 13451
shadowMax: 90
shadowMin: 14
shadowWarning: 14
shadowInactive: 1
shadowFlag: 0
description: test user
###

LightInTheBox - Buy quality products at wholesale price
Free Forum Powered by Nabble Forum Help