Hi,
I have successfully configured an OpenLDAP server on RHEL 7.2. I have also implemented a password policy as per the URL
https://access.redhat.com/solutions/2710021.
LDAP client server authentication is working fine.
Whenever any LDAP user logs in to the LDAP client, I want it to show how many days are left before password expiration.
For this, I have modified my LDAP password policy with the "ldapmodify" command, setting "pwdExpireWarning" to the same value as "pwdMaxAge".
When a user logs in to the LDAP client, the LDAP user simply gets logged in with no message at the login prompt.
Although I can see that the "password expiry" of user ldap219346 got changed.
code:
Logs in /var/log/ldap.log
Oct 16 06:18:39 <LDAP_Server> slapd[1701]: ppolicy_bind: Setting warning for password expiry for uid=ldap219346,ou=People,dc=domain,dc=com = 2588352 seconds
LDAP server password policy:
# cat passwordpolicy.ldif
dn: cn=default,ou=policies,dc=domain,dc=com
cn: default
objectClass: pwdPolicy
objectClass: device
objectClass: top
pwdAttribute: userPassword
pwdMaxAge: 2592000
pwdExpireWarning: 604800
pwdInHistory: 4
pwdCheckQuality: 1
pwdMinLength: 14
pwdMaxFailure: 3
pwdLockout: TRUE
pwdLockoutDuration: 300
pwdGraceAuthNLimit: 0
pwdFailureCountInterval: 0
pwdMustChange: TRUE
pwdAllowUserChange: TRUE
pwdSafeModify: FALSE
LDAP server updated password policy:
# cat updatepasswordpolicy.ldif
dn: cn=default,ou=policies,dc=domain,dc=com
changetype: modify
replace: pwdExpireWarning
pwdExpireWarning: 2592000
When I logged in to the LDAP client:
[LDAP client]# su - ldap219346
Last login: Mon Oct 16 07:09:02 CDT 2017 on pts/0
[LDAP client]$
Please suggest.
Thanks
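
One way to read the server-side evidence quoted in the post, as an added example that is not part of the original post or of OpenLDAP: parse the ppolicy_bind log line together with the policy LDIF to get the days slapd computed and whether that value falls inside pwdExpireWarning. The function names and the window test `remaining <= pwdExpireWarning` are assumptions of this example; the sample input is constructed from the values shown in the post.

```python
import re

# Constructed sample input, built from the log line and LDIF values in the post.
SAMPLE_LOG = (
    "Oct 16 06:18:39 <LDAP_Server> slapd[1701]: ppolicy_bind: Setting warning "
    "for password expiry for uid=ldap219346,ou=People,dc=domain,dc=com"
    " = 2588352 seconds\n"
)
SAMPLE_POLICY = """\
dn: cn=default,ou=policies,dc=domain,dc=com
pwdMaxAge: 2592000
pwdExpireWarning: 2592000
"""

WARN_RE = re.compile(
    r"ppolicy_bind: Setting warning for password expiry for "
    r"(?P<dn>.+?) = (?P<secs>\d+) seconds"
)


def parse_policy(ldif):
    """Return the integer-valued pwd* attributes of a single-entry LDIF."""
    policy = {}
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.startswith("pwd") and value.strip().isdigit():
            policy[name] = int(value)
    return policy


def expiry_warnings(log_text, policy):
    """Return one record per ppolicy_bind warning line found in the log."""
    records = []
    for m in WARN_RE.finditer(log_text):
        remaining = int(m.group("secs"))
        records.append({
            "dn": m.group("dn"),
            "days_left": remaining // 86400,
            # Seconds since the password was last set, per this policy.
            "password_age": policy["pwdMaxAge"] - remaining,
            # Assumption: a warning applies once remaining <= pwdExpireWarning.
            "in_warning_window": remaining <= policy["pwdExpireWarning"],
        })
    return records


if __name__ == "__main__":
    for rec in expiry_warnings(SAMPLE_LOG, parse_policy(SAMPLE_POLICY)):
        print(rec)
```
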