--- /dev/null
+--- nss-pam-ldapd-0.9.2/nslcd/shadow.c~ 2013-12-24 23:52:54.743671978 +0100
++++ nss-pam-ldapd-0.9.2/nslcd/shadow.c 2013-12-25 12:03:02.282720882 +0100
+@@ -119,7 +119,7 @@
+ char *tmp;
+ size_t l;
+ /* do some special handling for date values on AD */
+- if (strcasecmp(attr, "pwdLastSet") == 0)
++ if ((strcasecmp(attr, "pwdLastSet") == 0) || (strcasecmp(attr, "accountExpires") == 0))
+ {
+ /* we expect an AD 64-bit datetime value;
+ we should do date=date/864000000000-134774
+@@ -200,12 +200,12 @@
+ if (tmpvalue == NULL)
+ tmpvalue = "";
+ *lastchangedate = to_date(myldap_get_dn(entry), tmpvalue, attmap_shadow_shadowLastChange);
++ *expiredate = to_date(myldap_get_dn(entry), tmpvalue, attmap_shadow_shadowExpire);
+ /* get other shadow properties */
+ GET_OPTIONAL_LONG(*mindays, shadowMin, -1);
+ GET_OPTIONAL_LONG(*maxdays, shadowMax, -1);
+ GET_OPTIONAL_LONG(*warndays, shadowWarning, -1);
+ GET_OPTIONAL_LONG(*inactdays, shadowInactive, -1);
+- GET_OPTIONAL_LONG(*expiredate, shadowExpire, -1);
+ GET_OPTIONAL_LONG(*flag, shadowFlag, 0);
+ /* if we're using AD handle the flag specially */
+ if (strcasecmp(attmap_shadow_shadowLastChange, "pwdLastSet") == 0)