Re: ppolicy
Dieter Kluenter wrote:
> Hi,
>
> "Allgood, John" <jallgood@ohl.com> writes:
>> Hey Guys
>> I have another question in regards to using ppolicy. I have built my policy
>> into ldap. How do I apply that policy to my existing user objects.
>
> You either create a default rule set in slapd.conf or add a policy
> subentry to a user entry. Something like
>
> dn: cn=some user,ou=users
> cn: some user
> objectclass: inetorgPerson
> objectclass: pwdPolicy
> pwdAttribute: 2.5.4.35
> pwdPolicySubentry: cn=users,ou=policies

NO.
Where did you get this idea from?
There is no reason to set "objectclass: pwdPolicy" on the user object.
Likewise, pwdAttribute does not belong there.

> ...
> dn: cn=users,ou=policies
> cn: users
> objectClass: organizationalRole
> objectClass: pwdPolicy
> pwdAllowUserChange: TRUE
> pwdAttribute: 2.5.4.35
> pwdCheckQuality: 1
> pwdExpireWarning: 86400
> pwdGraceAuthNLimit: 2
> pwdInHistory: 6
> pwdLockout: TRUE
> pwdLockoutDuration: 1800
> pwdMaxAge: 250000
> pwdMaxFailure: 3
>
> -Dieter

--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
- References:
- ppolicy
- From: "Allgood, John" <jallgood@ohl.com>
- Re: ppolicy
- From: "Dieter Kluenter" <dieter@dkluenter.de>
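
The correction in the reply above, turned into a check. This is an added example, not part of the original thread and not OpenLDAP code: a small Python lint that flags entries carrying pwdPolicySubentry together with objectClass pwdPolicy or pwdAttribute, and confirms the referenced policy entry exists. The function names, the second user entry in the sample and the simplified LDIF parsing are assumptions made for illustration.

```python
# Added example. Assumes plain LDIF: entries separated by one blank line,
# no folded lines, no base64 ("::") values, "\n" line endings.
def parse_ldif(text):
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def norm_dn(dn):  # crude comparison key: case-insensitive, no space after commas
    return ",".join(part.strip().lower() for part in dn.split(","))

def is_policy(entry):
    return "pwdpolicy" in (v.lower() for v in entry.get("objectclass", []))

def lint(entries):
    """Return (dn, problem) pairs for entries that carry pwdPolicySubentry."""
    policies = {norm_dn(e["dn"][0]) for e in entries if is_policy(e)}
    findings = []
    for e in (x for x in entries if "pwdpolicysubentry" in x):
        dn = e["dn"][0]
        if is_policy(e):
            findings.append((dn, "objectClass pwdPolicy on user entry"))
        if "pwdattribute" in e:
            findings.append((dn, "pwdAttribute on user entry"))
        for target in e["pwdpolicysubentry"]:
            if norm_dn(target) not in policies:
                findings.append((dn, "no pwdPolicy entry at " + target))
    return findings

# Constructed sample, abbreviated: the user entry as first posted in the
# thread, a hypothetical corrected user, and the policy entry.
SAMPLE = """\
dn: cn=some user,ou=users
objectclass: inetorgPerson
objectclass: pwdPolicy
pwdAttribute: 2.5.4.35
pwdPolicySubentry: cn=users,ou=policies

dn: cn=other user,ou=users
objectClass: inetOrgPerson
pwdPolicySubentry: cn=Users, ou=Policies

dn: cn=users,ou=policies
objectClass: pwdPolicy
pwdAttribute: 2.5.4.35
"""
```

Calling `lint(parse_ldif(SAMPLE))` reports only the first user entry; the policy entry keeps pwdAttribute because that is where it belongs.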