I'm trying to configure password expiration warnings and access rejection with SSSD+LDAP by setting the following:
[domain/LDAP]
ldap_access_order=filter,expire
ldap_pwd_policy = shadow
ldap_access_order = pwd_expire_policy_warn
ldap_user_shadow_expire=passwordExpirationTime
ldap_user_shadow_warning=pwmLastPwdUpdate
pwd_expiration_warning = 7
However I'm struggling with time formats: my LDAP server return in LDAP timestamps format whereas SSSD is expecting epoch time format.
Has anybody dealt with this before? Any ideas?
