Re: How to enforce strong passwords in Openldap?

[Howard Chu <hyc@symas.com>]

Corey L. Johnson wrote:

> On Wednesday 01 December 2004 3:17 pm, Pierangelo Masarati wrote:
>  
>
> > Mike Partyka wrote:
> >    
> >
> > > I see, thanks for the info. Is there any other way to enforce password
> > > policy within the ldap directory then?
> > >      
> > As discussed earlier in this thread
> > http://www.openldap.org/lists/openldap-software/200412/msg00001.html ,
> > the ppolicy overlay is supposed to work even with 2.2.19.  At the moment
> > I don't see any other chance of implementing anything like that, except
> > writing your own.
> >
> >    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
> >    
>
> I am fairly new to openldap, but I began constructing a local.schema with the 
> info listed at:
>
> http://www.openldap.org/software/man.cgi?query=slapo-ppolicy&apropos=0&sektion=0&manpath=OpenLDAP+2.X-Devel&format=html
> (previously listed by Pierangelo Masarati)
>
>  
The schema is already in CVS slapd/schema/ppolicy.schema.

> I would be greatly appreciative if someone would post the policy completed. I 
> will continue working on it (simply because I need it).  So far I just have 
> the objectclass "pwdPolicy" and attributes listed. Will I need much more than 
> the attributes and the objectclass? I mean will I have to define any other 
> variables, etc. for this to work correctly? 
>  
No, everything relevant is already defined.

--
 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support