[Date Prev][Date Next]
cn=config support for non-overlay modules and naming conventions
- To: email@example.com
- Subject: cn=config support for non-overlay modules and naming conventions
- From: Quanah Gibson-Mount <firstname.lastname@example.org>
- Date: Thu, 02 Aug 2018 09:16:03 -0700
- Content-disposition: inline
The slapo-ppolicy overlay has a parameter for loading an external module
for doing additional password checks. One example of this would be the LTB
project's PPM (password policy module) extension.
However, we currently have no method in OpenLDAP for supporting
configuration for such a module via cn=config. Using this module, we can
see two basic issues:
a) There needs to be a way to load schema for the module for whatever its
configuration items are
b) There needs to be a way to use so that it can have multiple policies
(similar to ppolicy) so that you can have different password checking
policies. Something like: pwdCheckModule <modulepath> <policyDN>. In this
way, you could have multiple password policies with different password
Additionally, we currently do not have a standard on a naming convention
for manual pages, etc, for such an item. I would propose slapm-<name> (m
for module), such as "slapm-ppm.5"
Thoughts etc welcome.
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: