On Tuesday 02 January 2007 13:34, Alina Dubrovska wrote:I have inspected slapo-ppolicy(5) overlay functionality, seems that:
"pwdMaxAge=<lifetime>" + "pwdGraceAuthnLimit=0"
would help, but then I need to setup separate policy for each user with different lifetime (not acceptable).
To be completely accurate, you would create a policy, and apply that policy to individual entries by setting the pwdPolicySubentry attribute of that entry to the DN of the policy.
I would like to ask if slapd(8) offers features (in addition to slapo-ppolicy) to control the lifetime of directory users' credentials? Is there a convenient way to implement such requirement?
Note the ppolicy_default option, documented in the man page, which allows you to have a default password policy for the entire database (which you would override if necessary as above).
Regards, Buchan
-- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/