Hello, I am trying to configure warnings when a password is about to expire. I added the following in the sssd.conf file:
ldap_pwd_policy = shadow pwd_expiration_warning = 7
I create a user with shadow enabled, but when logging in, no warning is displayed. In nslcd, the shadow attributes work fine, but in sssd, I can't get them to work.
The ACLs are configured on the OpenLDAP server.
Can someone guide me on what I might be doing wrong?
Best regards.
Hi,
you are missing the ldap_access_order option:
ldap_access_order = pwd_expire_policy_warn
Please check sssd-ldap(5) for more information.
HTH,
On Mon, Feb 3, 2025 at 11:33 AM Rodrigo Prieto via sssd-users < sssd-users@lists.fedorahosted.org> wrote:
Hello, I am trying to configure warnings when a password is about to expire. I added the following in the sssd.conf file:
ldap_pwd_policy = shadow pwd_expiration_warning = 7
I create a user with shadow enabled, but when logging in, no warning is displayed. In nslcd, the shadow attributes work fine, but in sssd, I can't get them to work.
The ACLs are configured on the OpenLDAP server.
Can someone guide me on what I might be doing wrong?
Best regards.
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
When the account is expired, the following message appears:
*User info message: Password reset by root is not supported.*
The only way I can change the password is through SSH or by running su - user.
When I'm on the login screen, I can't do it. That message appears, and it returns to the start screen, whether using TTY or GDM, for example.
What works is setting a temporary password, and then the dialog box appears, allowing the password to be changed.
Best regards.
El lun, 3 feb 2025 a las 7:32, Rodrigo Prieto (rodrigoprieto2019@gmail.com) escribió:
Hello, I am trying to configure warnings when a password is about to expire. I added the following in the sssd.conf file:
ldap_pwd_policy = shadow pwd_expiration_warning = 7
I create a user with shadow enabled, but when logging in, no warning is displayed. In nslcd, the shadow attributes work fine, but in sssd, I can't get them to work.
The ACLs are configured on the OpenLDAP server.
Can someone guide me on what I might be doing wrong?
Best regards.
sssd-users@lists.fedorahosted.org
-
Alejandro Lopez -
Rodrigo Prieto