[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: About ppolicy

To: Jacques Foucry <jacques.foucry@novasparks.com>
Subject: Re: About ppolicy
From: Aaron Richton <richton@nbcs.rutgers.edu>
Date: Fri, 3 May 2013 11:04:15 -0400 (EDT)
Cc: openldap-technical@openldap.org
In-reply-to: <5183CA9C.9080301@novasparks.com>
References: <5183CA9C.9080301@novasparks.com>
User-agent: Alpine 2.02 (SOC 1266 2009-07-14)

On Fri, 3 May 2013, Jacques Foucry wrote:

So I had a look to ppolicy and appli this tutorial:http://theslashroot.blogspot.fr/2011/12/openldap-with-ppolicy.html
Some things are not clear for me. Did I have to disable shadowAccount on myschema?
If not is shadowLastChange will be updated?

Any shadowAccount concepts and slapo-ppolicy are independent. Your localimplementation can consider the usage of one/both/neither in a coordinatedfashion, but slapd won't help you in this manner.

Note that slapo-ppolicy operates almost entirely server-side, whereas anyshadow-related attributes (i.e. shadowLastChange you mentioned) areupdated by LDAP clients (typically a LDAP NSS module or similar). Ifyou're trying to make something consistent across an entire directory,depending on client-specific behavior is difficult unless you have tightclient control.

I hope I need to include ppolicy schema on all my replica.


Keeping schema consistent across all your servers is a best practice.

Follow-Ups:
- Re: About ppolicy
  - From: Jacques Foucry <jacques.foucry@novasparks.com>

References:
- About ppolicy
  - From: Jacques Foucry <jacques.foucry@novasparks.com>

Prev by Date: Re: Help with first immersion into LDAP
Next by Date: Questions about multiple identical values in a field
Index(es):
- Chronological
- Thread