RE: ppolicy and Red Hat Linux
Re-posting minus the garbage....
>> Debugging this issue has caused me a bit of confusion. In the LDAP logs, when logging into other equipment that 'binds as user', I see warnings, etc. returned:
>>
>> ppolicy_bind: Setting warning for password expiry for uid=test_user,ou=people,o=theorg,dc=example,dc=net = 1251 secds
>>
>> BUT, since the Linux LDAP client has a separate 'binddn', I don't see these warnings when the Linux LDAP client does the ldapsearch to validate the user. How does the policy work in this situation?
>>
>> Am I missing something here?
>>
>
> Hello,
>
> have a look at 'man pam_ldap':
>
> <snip>
>> pam_lookup_policy <yes|no>
>> Specifies whether to search the root DSE for password policy. The default is "no".
> <snap>
>
> Did you set that to yes on your clients in /etc/ldap.conf or whatever
> it is called on RHEL5?
>
>
> Regards,
> Christian Manal
Thanks for the response, Christian.
Yes, I have the following in my clients' /etc/ldap.conf:
host ldap_svc
binddn cn=simpleBind,o=theorg,dc=example,dc=net
bindpw simpleBind
bind_timelimit 3
base o=theorg,dc=example,dc=net
sudoers_base ou=sudoers,o=theorg,dc=example,dc=net
timelimit 7
idle_timelimit 3600
nss_base_passwd ou=people,o=theorg,dc=example,dc=net?one
nss_base_shadow ou=people,o=theorg,dc=example,dc=net?one
nss_base_group ou=groups,o=theorg,dc=example,dc=net?one
nss_reconnect_tries 3
nss_initgroups_ignoreusers root,ldap,named,haldaemon,radiusd,linux_admin
pam_password md5
pam_groupdn cn=level_3,ou=host_ssh_access,o=theorg,dc=example,dc=net
pam_member_attribute uniqueMember
pam_lookup_policy yes
Thanks,
Joe