[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: About ppolicy
Le 03/05/2013 17:04, Aaron Richton a Ãcrit :
Aaron,
Any shadowAccount concepts and slapo-ppolicy are independent. Your local
implementation can consider the usage of one/both/neither in a
coordinated fashion, but slapd won't help you in this manner.
Ok.
Note that slapo-ppolicy operates almost entirely server-side, whereas
any shadow-related attributes (i.e. shadowLastChange you mentioned) are
updated by LDAP clients (typically a LDAP NSS module or similar). If
you're trying to make something consistent across an entire directory,
depending on client-specific behavior is difficult unless you have tight
client control.
If I understood, It will be easier to disable shadow-related attributes
and keep slapo-ppolicy manage the password policy on server-side,
because I can't have a very hight control on the clients.
Jacques
--
Jacques Foucry
*NOVÎSPARKS *
IT Manager
Tel : +33 (0)1 42 68 12 61
jacques.foucry@novasparks.com