The LDAP name service is enhanced to support the account locking and password aging functionality using the data in the shadow database stored on a configured LDAP server. This support enables the passwd(1) utility and the pam_unix_*(5) PAM modules to function almost the same when handling account locking and password aging for local accounts and remote LDAP user accounts. Therefore, using the pam_ldap(5) module is no longer the only way to implement the password policy and account control for the LDAP name service. pam_unix_*(5) can be used to obtain the same consistent results as with the files and nisplus name services.
For more information, see System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).