Firstly, apologies if this isnt appropriate for this mailing list.
This was the only sssd mailing list I could find.
I'm trying to migrate a RHEL5 box from pam_ldap to sssd (version
1.5.1, official redhat package) and am having an issue getting
shadow attributes working. For testing I set a shadowExpire
attribute on my account in LDAP. pam_ldap obeys this correctly and
will not let me log in (trying with ssh public key as the server
enforces the password policy). I have added the following settings
to the ldap domain to try and get this to work;
access_provider = ldap
ldap_access_order = expire
ldap_account_expire_policy = shadow
But the box sill lets me log in. For testing to make sure pam was
working, I set 'ldap_access_order=filter' without setting
ldap_access_filter, and it properly rejected my login.
Googling the subject only turns up the man page and the patch set
where these settings were added.
Any ideas what I'm missing here?
Thanks