On Wednesday 14 December 2005 16:33, Henderson, Ron wrote: > Good morning all, > > I am new to the list, and I am new to openldap. I am trying to use openldap > as an user management tool to provide authentication to a distributed > application. There are some here that really are pushing to use MS Active > Directory, something I would like to avoid, however I need to enforce > strong passwords. Is there any way to make openldap support the following > password rules? > > Password Generations, > Restricted word list, > Password composition rules (Upper, lower, digits, special, etc) > Password change polices > Account enabled/disabled > Account locked out. > Failed login limit > Min password length > Max password length > Min Number char different from last > > Again I am sorry if my questions have been answered 100 times before. I > tried to use the FAQ-A-Matic and did not find anything, and I am under a > time crunch to get answers. Can any of you help me out? Consult the slapo-ppolicy man page. The clients that will be using the LDAP directory for password changes and authentication (ie pam_ldap, samba etc) may also be relevant, and also whether you will be using strong authentication (ie Kerberos/SASL-gssapi), in which case you may also want to look at the smbk5pwd overlay. Regards, Buchan -- Buchan Milne ISP Systems Specialist B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)
Attachment:
pgpR5P1TRj9N3.pgp
Description: PGP signature