
Re: Password policy definitions



Gustavo Mendes de Carvalho wrote:
> 2008/4/28 Michael Ströder <michael@stroeder.com>:
>> Gustavo Mendes de Carvalho wrote:
>>> According to man 5 slapo-policy and OpenLDAP site docs, in attribute
>>> pwdAttribute I have to input value userPassword, but this attribute
>>> does not support strings (according to my tries), so I inserted
>>> the corresponding userPassword OID (1.3.6.1.4.1.1466.115.121.1.40)
>>
>> 1.3.6.1.4.1.1466.115.121.1.40 is not the correct OID here. It identifies
>> the LDAP syntax 'Octet String' which is used for attribute type
>> 'userPassword'.
>>
>> The correct OID for attribute type 'userPassword' to be put in
>> 'pwdAttribute' is 2.5.4.35.
>
> Yes, you are right, but my main question is what value do I have to set up in pwdAttribute when configuring some user, if I choose to use Password policy?

I'm not sure I understand your question.

Mainly you'll add entries for specifying possibly different password policies. AFAIK for OpenLDAP's ppolicy implementation only
pwdAttribute: 2.5.4.35
is valid in these entries.


You can then

1. define a default password policy entry in slapd.conf and

2. you can specify which password policy is applied to a certain entry by adding attribute 'pwdPolicySubentry' to the user's entry which contains the DN of the required password policy entry.

Ciao, Michael.
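
The two steps described in the reply above, written out as an added example that is not part of the original thread. The suffix dc=example,dc=com, the entry names, the choice of 'device' as structural object class and the pwdMinLength, pwdLockout and pwdMaxFailure values are constructed assumptions; the slapd.conf lines for step 1 appear as comments.

```ldif
# Added example (not from the thread). All DNs and policy values are constructed.
#
# Step 1: default policy, set in the database section of slapd.conf:
#   overlay ppolicy
#   ppolicy_default "cn=default,ou=policies,dc=example,dc=com"

dn: ou=policies,dc=example,dc=com
changetype: add
objectClass: organizationalUnit
ou: policies

# pwdAttribute names the attribute TYPE userPassword (2.5.4.35).
# 1.3.6.1.4.1.1466.115.121.1.40 is the Octet String SYNTAX and does not belong here.
dn: cn=default,ou=policies,dc=example,dc=com
changetype: add
objectClass: device
objectClass: pwdPolicy
cn: default
pwdAttribute: 2.5.4.35
pwdMinLength: 10

# A second, stricter policy for selected accounts.
dn: cn=admins,ou=policies,dc=example,dc=com
changetype: add
objectClass: device
objectClass: pwdPolicy
cn: admins
pwdAttribute: 2.5.4.35
pwdMinLength: 14
pwdLockout: TRUE
pwdMaxFailure: 5

# Step 2: bind one user to the stricter policy. pwdAttribute is not set on the
# user entry; the user only carries the DN of the policy entry to apply.
dn: uid=jdoe,ou=people,dc=example,dc=com
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=admins,ou=policies,dc=example,dc=com
```

Entries without pwdPolicySubentry fall back to the ppolicy_default entry.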