[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: how implement pwdpolicy

To: openldap-software@openldap.org
Subject: Re: how implement pwdpolicy
From: Buchan Milne <bgmilne@staff.telkomsa.net>
Date: Tue, 28 Apr 2009 18:39:00 +0200
Cc: Rahima Shaheen <rs@pyxisnet.com>
Content-disposition: inline
In-reply-to: <E7A9C4AC8A709E4B8419961996B820465C78E1@www.pyxisnet.com>
References: <E7A9C4AC8A709E4B8419961996B820465C78E1@www.pyxisnet.com>
User-agent: KMail/1.11.2 (Linux/2.6.29.1-desktop-4mnb; KDE/4.2.2; x86_64; ; )

On Tuesday 28 April 2009 08:44:41 Rahima Shaheen wrote:
> 5.	Now I want to create policy.ldif. Script
>
> dn: cn=default,ou=policies,dc=my-domain,dc=com
>
> cn: default
>
> objectClass: pwdPolicy
>
> objectClass: person
>
> objectClass: top
>
> pwdAllowUserChange: TRUE
>
> pwdAttribute: userPassword
>
> pwdCheckQuality: 2
>
> pwdExpireWarning: 600
>
> pwdFailureCountInterval: 30
>
> pwdGraceAuthNLimit: 5
>
> pwdInHistory: 5
>
> pwdLockout: TRUE
>
> pwdLockoutDuration: 0
>
> pwdMaxAge: 0
>
> pwdMaxFailure: 5
>
> pwdMinAge: 0
>
> pwdMinLength: 5
>
> pwdMustChange: FALSE
>
> pwdSafeModify: FALSE
>
> #sn: 'dummy value' objectClass: organizationalUnit
>
>
>
> It gives an error "Invalid syntax (21) pwdAttribute: value #0 invalid
> per syntax. 

I forget exactly when/which versions, but you may have to specify the OID of 
the password attribute, not the name, in pwdAttribute.

Regards,
Bucha

Follow-Ups:
- Re: how implement pwdpolicy
  - From: Howard Chu <hyc@symas.com>

References:
- how implement pwdpolicy
  - From: "Rahima Shaheen" <rs@pyxisnet.com>

Prev by Date: Re: syntax of ldap_modify_s
Next by Date: Re: how implement pwdpolicy
Index(es):
- Chronological
- Thread