[CentOS] LDAP - Shadow options

Thu Aug 11 11:02:37 UTC 2011
Craig White <craigwhite at azapple.com>

On Thu, 2011-08-11 at 12:02 +0200, Johan Vermeulen wrote:
> dear All,
> 
> I'm trying to set Shadow options in Ldap with the help of
> phpLDAPadmin.
> 
> This is what I know :
> 
> * Shadowmax : maximum nr of days a pw can be valid
> * ShadowLastchange : contains the last change of the shadow file
> * Shadowwarning : nr of days before expiration to warn user.
> 
> What I'm trying to do is have the users 's passwork expire, that works
> ok.
> But how can I have them get a warning message? setting Shadowwarning
> doesn't seem to be doing it.
> 
> Do I have to set Shadowexpire as well for this?
> 
> Also, how can I have users change the password at first logon?
> 
> I cannot configure the LDAP files themselves, I only have access via
> phpLDAPadmin.
> 
> Thanks for any advise.
---
phpldapadmin - you're wasting your time on this

you need to implement ppolicy overlay (assuming you are using openldap)

http://eatingsecurity.blogspot.com/2008/11/openldap-security.html

Craig