[CentOS] OpenLDAP authentication, account expired when it's not.

Tue Jul 27 00:59:06 UTC 2010
Scott Robbins <scottro at nyc.rr.com>

On Mon, Jul 26, 2010 at 03:44:48PM -0700, Bill Campbell wrote:
> I am trying to set up LDAP authentication for CentOS workstations, but
> can't get it to authenticate properly.  Authentication fails saying the
> account has expired when I know for certain that it has not (e.g.
> ldapsearch authenticated with the appropriate uid and password returns
> shadowLastChange 14816 and shadowMax 99999).

Well, I'm just going to spam my own page.  Give it a gander, and see if
following it from the get go works.

Note the link to the forum thread in it--it's possible, though not
proven, that CentOS (probably RH) *might* have broken ldap.


All I can say is that it works for me, but--and it's probably an
important but--I haven't set it up from scratch on CentOS 5.5 yet. 

Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Anya: For a thousand years I wielded the powers of the
Wish. I brought ruin to the heads of unfaithful men. I brought forth
destruction and chaos for the pleasure of the lower beings. I was
feared and worshipped across the mortal globe. And now I'm stuck at
Sunnydale High. Mortal. Child. And I'm flunking Math.