I had another run at this recently and tracked it down to this bug:
We were using the rpm package from the copr repo on CentOS6, we downgraded to the latest
389-ds-base package included in CentOS, and password expiration is working now.
Have a nice day,
On 2014-09-19 18:25, Mark Reynolds wrote:
On 09/19/2014 12:16 PM, Paul Tobias wrote:
> Hi guys,
> We need to implement password expiration because of some policy. The
> problem is users are not able to bind to ldap anymore, after I switch on
> password expiration for our ou=People subtree . The ldap command line
> tools and 389-console both just hang forever when trying to connect.
> This happens even when the user changes the password right before
> switching on the password expiration so the password cannot be expired
> yet. When I use the wrong password, then I get "ldap_bind: Invalid
> credentials (49)", but when I use the correct password, then it's just a
> hang. If I switch off password expiration then everything returns to
> normal again. I've followed the guide at
Password expiration does work. What exactly are you setting? Could you
enable the audit log, make your password configuration changes, and then
post the log?
> I've tried both 389ds 126.96.36.199 on CentOS 6 and 389ds 188.8.131.52 on Fedora
> 20 with the same results.
> Is password expiration working in 389ds at all?
> Thanks in advance,
> Paul Tobias
> 389 users mailing list