[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Implementing password policy



On 07/01/2012 14:16, Joe Friedeggs wrote:
Your initial mail does not show a 'ppolicy_default' in slapd.conf. I
believe you need to create a default ppolicy entry in LDAP, and specify
it in slapd.conf:

# Password Policy
overlay ppolicy
ppolicy_default "cn=default,ou=ppolicy,dc=local"

For testing purpose I want only to apply it to this particular user, that's why I didn't put a default policy in slapd.conf

Without the default, or if you want a user to use something other than
default, you'll need to manually set the pwdPolicySubentry for the user.
In you case:

dn: uid=lcaron_99,ou=People,dc=local
changetype: modify
replace: pwdPolicySubentry
pwdPolicySubentry: cn=lcaron_99,ou=ppolicy,dc=local

From my 1st mail, I have the following:

"
dn: cn=lcaron_99,ou=ppolicy,dc=local
... snip ...
pwdMaxFailure: 3


dn: uid=lcaron_99,ou=People,dc=local
... snip ...
pwdPolicySubentry: cn=lcaron_99,ou=ppolicy,dc=local
"