
Re: Account Usable Request Control (1.3.6.1.4.1.42.2.27.9.5.8)



Charls wrote:
Hello,

At the moment I'm working with the Sun Java System Directory Server. I
would like to migrate to OpenLDAP but of course without losing
functionality. I enabled pam_ldap account management on all my Linux and
Solaris computers and everything worked fine. Everyone could do
nonpassword-based logins using tools such as rsh or ssh. This feature
was provided by the "Account Usable Request Control"
(1.3.6.1.4.1.42.2.27.9.5.8) from the Directory Server which is needed by
the ldap_pam module from Solaris. After the installation of OpenLDAP
on my Solaris server I recognized that nonpassword-based logins on the
Solaris computers are not possible anymore. This problem [1] was
discussed 2 years ago on "openldap-software@openldap.org" but there was
no solution described. I would like to know if there is a way to get
this feature enabled with OpenLDAP? If not, what else can I do?

Actually I think Ando's reply outlined the solution quite clearly: you will have to implement the control and associated policy. It seems that between then and now nobody else has felt it was worth their time to do so. This Project is volunteer driven - things only happen when someone thinks they're important enough that they step forward and do it. Is it important enough to you?

[1] http://www.openldap.org/lists/openldap-software/200710/msg00041.html


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/