[Date Prev][Date Next]
Re: (ITS#5310) ppolicy
The ITS system is for reporting defects in OpenLDAP, and the symptoms
you are describing are not indicative of that. The OpenLDAP team will
probably close this ITS with a comment to that effect.
The 'passwd' command is an OS tool, not part of OpenLDAP. Its
interaction with OpenLDAP is through the pam_ldap module, and the
conifguration of that module is most likely where your problem lies. I
suggest posting this question on the pam_ldap mailing list that is
operated by PADL, or requesting support from your OS vendor (RedHat?).
Symas Corporation - The LDAP Guys
> Full_Name: Kevin Xie
> Version: 2.3.39
> OS: RHEL 4 update 3
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (126.96.36.199)
> I am testing ppolicy on OpenLDAP 2.3.39 and 2.3.38.
> When user password expired, LDAP forced user to change password using "passwd",
> it bypassed all the ppolicy settings, like, PwdMinLength, PwdInHistory.
> Is there a way to force "passwd" to check LDAP ppolicy like "ldappasswd" does?
> Is it because "passwd" and "ldappasswd" using different encryption methods?
> I've uploaded ppolicy and slapd.conf in khxie_ppolicy.txt.
> I've google searched the issue and didn't find any anwser.
> Thanks for your help.
> Kevin Xie