[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy

To: openldap-technical@openldap.org
Subject: Re: ppolicy
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Thu, 15 Jan 2009 15:09:53 +0100
In-reply-to: <82E499DEBAB95F4E91140984379FB1C62FFB41@NOC-ML-09.ohlogistics.com> (John Allgood's message of "Thu, 15 Jan 2009 07:12:54 -0600")
References: <82E499DEBAB95F4E91140984379FB1C62FFB41@NOC-ML-09.ohlogistics.com>
User-agent: Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.5-b28 (linux)

Hi,

"Allgood, John" <jallgood@ohl.com> writes:

> Hey Guys
>
> I have another question in regards to using ppolicy. I have built my policy
> into ldap. How do I apply that policy to my existing user objects.

You either create a default rule set in slapd.conf or add a policy
subentry to a user entry. Something like

dn: cn=some user,ou=users
cn: some user
objectclass: inetorgPerson
objectclass: pwdPolicy
pwdAttribute: 2.5.4.35
pwdPolicySubentry: cn=users,ou=policies
...

dn: cn=users,ou=policies
cn: users
objectClass: organizationalRole
objectClass: pwdPolicy
pwdAllowUserChange: TRUE
pwdAttribute: 2.5.4.35
pwdCheckQuality: 1
pwdExpireWarning: 86400
pwdGraceAuthNLimit: 2
pwdInHistory: 6
pwdLockout: TRUE
pwdLockoutDuration: 1800
pwdMaxAge: 250000
pwdMaxFailure: 3

-Dieter

-- 
Dieter KlÃnter | Systemberatung
http://www.dpunkt.de/buecher/2104.html
sip: +49.180.1555.7770535
GPG Key ID:8EF7B6C6
53Â08'09,95"N
10Â08'02,42"E

Follow-Ups:
- Re: ppolicy
  - From: Howard Chu <hyc@symas.com>

References:
- ppolicy
  - From: "Allgood, John" <jallgood@ohl.com>

Prev by Date: Why TLS is always fail with OpenLdap 2.4.11
Next by Date: RE: Syncrepl Questions
Index(es):
- Chronological
- Thread