[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5310) ppolicy

Hi Kevin,

The ITS system is for reporting defects in OpenLDAP, and the symptoms 
you are describing are not indicative of that. The OpenLDAP team will 
probably close this ITS with a comment to that effect.

The 'passwd' command is an OS tool, not part of OpenLDAP. Its 
interaction with OpenLDAP is through the pam_ldap module, and the 
conifguration of that module is most likely where your problem lies. I 
suggest posting this question on the pam_ldap mailing list that is 
operated by PADL, or requesting support from your OS vendor (RedHat?).




Matthew Hardin
Symas Corporation - The LDAP Guys

khxie@directv.com wrote:
> Full_Name: Kevin Xie
> Version: 2.3.39
> OS: RHEL 4 update 3
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (
> I am testing ppolicy on OpenLDAP 2.3.39 and 2.3.38. 
> When user password expired, LDAP forced user to change password using "passwd",
> it bypassed all the ppolicy settings, like, PwdMinLength, PwdInHistory. 
> Is there a way to force "passwd" to check LDAP ppolicy like "ldappasswd" does? 
> Is it because "passwd" and "ldappasswd" using different encryption methods?
> I've uploaded ppolicy and slapd.conf in khxie_ppolicy.txt.
> I've google searched the issue and didn't find any anwser.
> Thanks for your help.
> Kevin Xie
> .