Overview#
An Auxiliary ObjectClass used in Approach for Using LDAP as a Network Information Services as defined in various PAM Schema Modifications.

shadowAccount attribute values vs. /etc/shadow

```
:AbcDefgHijkLMnOP:13654:0:99999:7: : :0
 ---------------- ----- - ----- - - - -
 |                |     | |     | | | └ shadowFlag
 |                |     | |     | | └ shadowExpire
 |                |     | |     | └ shadowInactive
 |                |     | |     └ shadowWarning
 |                |     | └ shadowMax
 |                |     └ shadowMin
 |                └ shadowLastChange
 └ userPassword (hashed)
```
Attributes#
- shadowLastChange - Indicates the number of days between January 1, 1970 and the day when the user password was last changed. (single-valued)
- shadowExpire - Indicates the date on which the user login will be disabled. (single-valued)
- shadowFlag - Not currently in use.
- shadowInactive - Indicates the number of days of inactivity allowed for the user. (single-valued)
- shadowMax - Indicates the maximum number of days for which the user password remains valid. (single-valued)
- shadowMin - Indicates the minimum number of days required between password changes. (single-valued)
- shadowWarning - The number of days of advance warning given to the user before the user password expires. (single-valued)
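The field-to-attribute mapping in the diagram and the ageing attributes listed above can be exercised with the following Python code, an added example that is not part of the original page. The function names, the login names in the sample lines and the use of `uid` for the login name are assumptions, as is treating shadowExpire as a day count like shadowLastChange.

```python
from datetime import date

EPOCH = date(1970, 1, 1)
# Order of the /etc/shadow fields that follow the login name (see diagram above).
SHADOW_ATTRS = ("userPassword", "shadowLastChange", "shadowMin", "shadowMax",
                "shadowWarning", "shadowInactive", "shadowExpire", "shadowFlag")

def shadow_line_to_attrs(line):
    """Map one /etc/shadow line to shadowAccount attribute values."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError("expected 9 colon-separated fields, got %d" % len(fields))
    attrs = {"uid": fields[0]}  # assumption: the login name is stored in uid
    for name, raw in zip(SHADOW_ATTRS, fields[1:]):
        raw = raw.strip()
        if raw:  # an empty field means the attribute is absent from the entry
            attrs[name] = raw if name == "userPassword" else int(raw)
    return attrs

def password_state(attrs, today):
    """Classify the ageing state from the shadow* values (all counted in days)."""
    now = (today - EPOCH).days
    # Assumption: shadowExpire uses the same day count as shadowLastChange.
    if "shadowExpire" in attrs and now >= attrs["shadowExpire"]:
        return "account-expired"
    last, max_age = attrs.get("shadowLastChange"), attrs.get("shadowMax")
    if last is None or max_age is None:
        return "no-ageing"
    expires_on = last + max_age
    if now > expires_on:
        grace = attrs.get("shadowInactive")
        if grace is not None and now > expires_on + grace:
            return "inactive-locked"
        return "password-expired"
    warn = attrs.get("shadowWarning")
    if warn is not None and now >= expires_on - warn:
        return "warning"
    return "ok"

# Constructed sample lines (login names and values are made up for the example).
SAMPLE_LINES = [
    "jdoe:AbcDefgHijkLMnOP:13654:0:99999:7: : :0",
    "svc:AbcDefgHijkLMnOP:19000:0:90:7:14:19200:",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        attrs = shadow_line_to_attrs(line)
        print(attrs["uid"], password_state(attrs, date.today()))
```

The output deliberately omits userPassword so that an ageing audit never echoes password hashes.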
LDAP ObjectClass Definition#
The ObjectClass Type is defined as:
- OID: 1.3.6.1.1.1.2.1
- ObjectClass-Name: ShadowAccount
- SUP: top
- AUXILIARY
- MUST:
- MAY:
- Extended Flags: