[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: multiple password policies?

To: openldap-software@openldap.org
Subject: Re: multiple password policies?
From: Buchan Milne <bgmilne@staff.telkomsa.net>
Date: Tue, 4 Dec 2007 15:59:24 +0200
Cc: "R.B." <allegatis@gmail.com>
Content-disposition: inline
In-reply-to: <74d087110712031535y70058c6cqd3423f23e79e7a56@mail.gmail.com>
References: <74d087110712031535y70058c6cqd3423f23e79e7a56@mail.gmail.com>
User-agent: KMail/1.9.7

On Tuesday 04 December 2007 01:35:57 R.B. wrote:
> Hi;
>
> After reading some ppolicy HOWTOs, I've seen the following line in the
> slapd.conf file to assign a default password policy to users.
>
> slapd.conf file contains:
> `ppolicy_default "cn=default,ou=policies,dc=example,dc=com"`
>
> So I imagine this is used as the default policy for all users since
> it's defined globally.
>
> If I have several OUs that define users, groups, etc… how would I
> implement a password policy per user/group?
>
> For my setup, I would conceivably have:
> cn=swa-ppolicy,ou=ppolicies,dc=example,dc=com
> and
> cn=pse-ppolicy,ou=ppolicies,dc=example,dc=com
>
> ...and so on as I need policies in my directory.
>
> How can I apply these per group or user? Would I add a field to my
> posix[User|Group] schema?

Per-user, by setting the pwdPolicySubentry attribute on the entry for the 
user, as documented in slapo-ppolicy(5).

Regards,
Buchan

Follow-Ups:
- Re: multiple password policies?
  - From: Tony Earnshaw <tonni@hetnet.nl>

References:
- multiple password policies?
  - From: "R.B." <allegatis@gmail.com>

Prev by Date: Re: 2.4.6 prov/con, delta-syncrepl and auditContext
Next by Date: Re: 2.4.6 prov/con, delta-syncrepl and auditContext
Index(es):
- Chronological
- Thread