
RE: ppolicy and Red Hat Linux



> Joe Friedeggs wrote:
>> Debugging this issue has caused me a bit of confusion. In the LDAP logs, when logging into other equipment that 'binds as user', I see warnings, etc. returned:
>>
>> ppolicy_bind: Setting warning for password expiry for uid=test_user,ou=people,o=theorg,dc=example,dc=net = 1251 secds
>>
>> BUT, since the Linux LDAP client has a separate 'binddn', I don't see these warnings when the Linux LDAP client does the ldapsearch to validate the user. How does the policy work in this situation?
>>
>> Am I missing something here?
>>
>
> Hello,
>
> have a look at 'man pam_ldap':
>
>
>> pam_lookup_policy
>> Specifies whether to search the root DSE for password policy. The default is "no".
>
>
> Did you set that to yes on your clients in /etc/ldap.conf or whatever
> it is called on RHEL5?
>
>
> Regards,
> Christian Manal

Thanks for the response, Christian.

Yes, I have the following in my LDAP clients' /etc/ldap.conf:

host ldap_svc
binddn cn=simpleBind,o=theorg,dc=example,dc=net
bindpw simpleBind
bind_timelimit 3
base o=theorg,dc=example,dc=net
sudoers_base ou=sudoers,o=theorg,dc=example,dc=net
timelimit 7
idle_timelimit 3600

nss_base_passwd         ou=people,o=theorg,dc=example,dc=net?one
nss_base_shadow         ou=people,o=theorg,dc=example,dc=net?one
nss_base_group          ou=groups,o=theorg,dc=example,dc=net?one
nss_reconnect_tries 3
nss_initgroups_ignoreusers root,ldap,named,haldaemon,radiusd,linux_admin

pam_password md5
pam_groupdn cn=level_3,ou=host_ssh_access,o=theorg,dc=example,dc=net
pam_member_attribute uniqueMember
pam_lookup_policy yes


Thanks,
John