[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: About ppolicy



Le 03/05/2013 17:04, Aaron Richton a Ãcrit :

Aaron,

Any shadowAccount concepts and slapo-ppolicy are independent. Your local
implementation can consider the usage of one/both/neither in a
coordinated fashion, but slapd won't help you in this manner.
Ok.


Note that slapo-ppolicy operates almost entirely server-side, whereas
any shadow-related attributes (i.e. shadowLastChange you mentioned) are
updated by LDAP clients (typically a LDAP NSS module or similar). If
you're trying to make something consistent across an entire directory,
depending on client-specific behavior is difficult unless you have tight
client control.

If I understood, It will be easier to disable shadow-related attributes and keep slapo-ppolicy manage the password policy on server-side, because I can't have a very hight control on the clients.

Jacques
--
Jacques Foucry
*NOVÎSPARKS *
IT Manager
Tel : +33 (0)1 42 68 12 61
jacques.foucry@novasparks.com