Simone Piccardi wrote:
On 11/11/2011 03:31, Chris Jacobs wrote:Password Policy. The OpenLDAP Admin Guide and Google are your friends.That's good for LDAP authentication, but when you want to put linux users in LDAP then you need to have also to configure NSS and PAM to use it. And for most distribution nssov (that if I understand rightly the issue is the way to use ppolicy for NSS) is not packaged nor supported (and is not documented too, at least in the Guide).
When did nssov come into the discussion? pam_ldap supports the password policy extension.
The Admin Guide has only ever been a Guide, not an exhaustive reference. The manpages are always the complete and authoritative documentation. If you choose not to use features because they aren't mentioned in the Guide, you're shortchanging yourself.
So at least for me the traditional posixAccount and posixGroup are still a better option (and there are many management packages you can use).
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/