[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: User account policies



tor, 2002-07-11 kl. 07:29 skrev Michael Fuller:

> One more query regarding user account administration. I need to implement
> the following for user accounts in OpenLDAP v2.x

> 1. Temporary disabling of a user account - Like when a manager goes on
> vacation and wants to prevent misuse
> 2. Minimum password length.
> 3. Password aging, and notification to user when password is about expire.
> 4. Minimum password age.

Although you said in your previous posting that you didn't want admin
tools for your users, if you are (as I am) learning openldap/LDAPv3, you
should *definitely* get the latest GQ and play around with it. It will
teach you basic schema structure and rules more quickly than anything
else.

http://sourceforge.net/project/?group_id=3805

If you make your users Unix users and if you have /etc/shadow as the
password base rather than the LDAP password base, the shadowAccount /
Posix* combo will let you do just what you describe above.

Someone else might have a solution for LDAP-based passwords, but I doubt
it, since this has (obviously) been asked before. No one seemed to have
a ready answer.

Best,

Tony

-- 

Tony Earnshaw

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl
gpg public key:	http://www.billy.demon.nl/tonni.armor

Telefoon:	(+31) (0)172 530428
Mobiel:		(+31) (0)6 51153356

GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
3BE7B981


Attachment: signature.asc
Description: Dette er en digitalt signert meldingsdel