[Pkg-shadow-devel] Bug#376321: passwd: Can't expire ldap accounts

[Yannick Gingras]

Package: passwd
Version: 1:4.0.3-31sarge5
Severity: normal


I don't know is this is a problem with passwd or with libpam-ldap but
I can use passwd to change the password of ldap users but I can't use
it to expire passwords:

  # LANG=C passwd -e foo31
  passwd: foo31 not found in /etc/passwd

Here foo31 is a valid ldap user.  I have 

  libpam-ldap 178-1sarge1

this is the content of /etc/pam.d/common-password :

  password required pam_ldap.so ignore_unknown_user
  password optional pam_smbpass.so nullok use_authtok try_first_pass
  password optional pam_unix.so nullok obscure min=5 max=8 md5 try_first_pass

this is the content of /etc/pam.d/common-account :

  account [success=1 default=ignore] pam_ldap.so
  account required pam_unix.so
  account required pam_permit.so

this is the content of /etc/pam.d/common-auth :

  auth [success=1 default=ignore] pam_ldap.so
  auth required pam_unix.so try_first_pass
  auth required pam_permit.so

Changing LDAP passwords with passwd is working with this setup.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.11-1-686-smp
Locale: LANG=fr_CA, LC_CTYPE=fr_CA (charmap=ISO-8859-1)

Versions of packages passwd depends on:
ii  libc6                 2.3.2.ds1-22sarge3 GNU C Library: Shared libraries an
ii  libpam-modules        0.76-22            Pluggable Authentication Modules f
ii  libpam0g              0.76-22            Pluggable Authentication Modules l
ii  login                 1:4.0.3-31sarge5   system login tools

-- debconf information:
  passwd/password-mismatch:
  passwd/username:
  passwd/password-empty:
  passwd/md5: false
  passwd/shadow: true
  passwd/username-bad:
  passwd/user-fullname:
  passwd/make-user: true