[Lam-public] Managing account locking and password expiration in plain LDAP schema...
From: Marco G. <ga...@li...> - 2023-05-18 21:10:15
I'm a bit (ab)used to OpenLDAP, but with the samba schema added (and using winbind), and now to Samba/AD mode and its internal LDAP server. For both there's some way to lock the account, or to set account expiration, and they are enforced (by winbind).

Now I have to manage a 'plain' LDAP server with only the posixAccount schema, and I have some trouble; for example:

1) I can lock an account in LAM, but a 'passwd -l <user>' does not work; also, there's no way to have an LDAP query that returns the locked (or unlocked) accounts.

2) I can set up the 'shadowAccount' schema, but it gets used only by 'shadow enabled' things, like nslcd; if I simply bind to LDAP (e.g. via PHP), there's no shadow enforcing.

Are there any hints for these?

Thanks.

--
As long as the color of the skin is more important than the color of the eyes, there will always be war. (Bob Marley)