shadowInactive - OpenLDAP question
Does the ppolicy overlay override shadowAccount functionality? For example ppolicy does not enforce account inactivity so we would like to use shadowInactive to set it. It does not appear to be working though. We have tried both 1 and 2 days.
The other thing about shadowAccount is if we set certain values within it it will continually prompt a user for a change of password upon every single login attempt.
I tempted to just script it at this point, but wanted to check if their is a quick fix first.
Edit: Figured out why shadowInactive does not work -- it is days until account is marked inactive after expiration. We are looking for something that will enforce inactivity from last login.
Last edited by kbscores; 06-06-2012 at 11:55 AM.