On Mon, 2017-06-26 at 17:16 +0000, Mitch Patenaude wrote:
I'm trying to migrate my organization of FDS, but policy requires
a 90-day password expiration, and the pam_ldap modules aren't forcing password changes
even after the password has expired.
I saw in a thread back from 2011 that somebody was having an issue where setting
passwordExpirationTime to 19700101000000Z would force a change, but 19700101000001Z
wouldn't. Well... even setting it to 19700101000000Z doesn't work for me.
intdns1-01-lv:~ mpatenaude$ luser mitchtest2
cn: Mitch Test2
gecos: Mitch Test2
But it lets that account log in without prompting for a password change.
It's probably worth reading
I would check that the date format is correct (enough digits). Check the
number of grace logins you have as well. Finally, to help us diagnose
this, it would be good to see the password policy related attributes
Red Hat, Australia/Brisbane