I have an openldap server with ppolicy enabled and working. We started using nss-pam-ldap libraries on the linux clients to authenticate users. It all works fine for logins, notifications and change of expired passwords.
To have more options for groups and password filters we are now testing the nss-pam-ldapd by https://arthurdejong.org/nss-pam-ldapd/ installed with apt-get.
Through the /etc/nslcd.conf file we created our filters and it works great, however, we do not get any password expired notification when login in with expired passwords managed by the ppolicy objects. It just respond Login incorrect.
Is this correct? We have done many tests with the config file without success. Can anyone help? has anyone succeed to get a prompt to change password after login in with expired passwords?
The nss-pam-ldapd package provides nslcd, libnss-ldapd, libpam-ldapd.