BTW, I suspect that this is in RH 7.0, as well, since the nss_ldap package was updated on 6.2 and 7.0 at the same time... The password expiration code in the current ldap PAM module (from nss_ldap-122-1.6) does not handle the standard "infinite" password expiration time of 99999 days. The expiration calculation wraps, producing an actual expiration time of about 579 days. This bug appears to be fixed in the source of pam_ldap-105 (although I haven't tested it). Upgrading nss_ldap to use this version will probably fix this.
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still running Red Hat Linux, you are strongly advised to upgrade to a current Fedora Core release or Red Hat Enterprise Linux or comparable. Some information on which option may be right for you is available at http://www.redhat.com/rhel/migrate/redhatlinux/. Red Hat apologizes that these issues have not been resolved yet. We do want to make sure that no important bugs slip through the cracks. Please check if this issue is still present in a current Fedora Core release. If so, please change the product and version to match, and check the box indicating that the requested information has been provided. Note that any bug still open against Red Hat Linux on will be closed as 'CANTFIX' on September 30, 2006. Thanks again for your help.
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still running Red Hat Linux, you are strongly advised to upgrade to a current Fedora Core release or Red Hat Enterprise Linux or comparable. Some information on which option may be right for you is available at http://www.redhat.com/rhel/migrate/redhatlinux/. Closing as CANTFIX.