Re: RES: password policy user configuration

[Scott Classen <sclassen@lbl.gov>]

I think you need to have a separate container  for holding your  
pwdPolicy. You do not store that information in your user entry.


On May 10, 2008, at 7:20 AM, Gustavo Mendes de Carvalho wrote:
> User definition
> dn: uid=test,ou=orgunit,o=org
> objectClass: posixAccount
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: shadowAccount
> objectClass: person
> objectClass: pwdPolicy
> loginShell: /bin/bash
> givenName: test
> sn: test-test
> displayName: test test-test
> uid: test
> homeDirectory: /home/test
> shadowFlag: 0
> shadowMax: 35
> shadowWarning: 7
> shadowInactive: 99999
> shadowExpire: 99999
> cn: test test-test
> uidNumber: 12190
> gidNumber: 25023
> shadowMin: 10
> pwdAttribute: userPassword

All the stuff below should be put in
cn=mypasswdpolicy,cn=Policies,dc=example,dc=com

then you put an entry in your user account as such:

pwdPolicy: cn=mypasswdpolicy,cn=Policies,dc=example,dc=com



> pwdMinAge: 30
> pwdMaxAge: 120
> pwdInHistory: 3
> pwdMinLength: 8
> pwdExpireWarning: 60
> pwdLockout: TRUE
> pwdLockoutDuration: 60
> pwdMaxFailure: 2
> pwdSafeModify: TRUE
> shadowLastChange: 14006
> pwdMustChange: FALSE
> userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX


I hope that helps,
Scott