[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Attribute questions

To: <openldap-general@OpenLDAP.org>
Subject: RE: Attribute questions
From: "Ranjan Bagchi" <ranjan.bagchi@pobox.com>
Date: Sun, 21 Feb 1999 13:47:09 -0800
Cc: "Richard Heller" <rheller@prime.cs.ohiou.edu>
Importance: Normal
In-reply-to: <Pine.GSO.3.96.990221133338.4145A-100000@prime.cs.ohiou.edu>

Hi Rich,

Add something like this to your slapd.conf:

access  to attr=userpassword by * none
access  to * by self write

One way to ensure those password characteristics is to put the constraints
into the client program -- modify and specialize ldappasswd for instance and
have your users use that.

I've found the passwords to be pretty flexible:  for instance, I can cut the
entry from /etc/shadow and paste it into ldif -- prefixed by {crypt} and I
can authenticate with my login password.  (That made me really happy since I
really didn't want my users to be forced to reenter their passwords as we
switch to LDAP-based authentication).

Good luck,

--rj



> -----Original Message-----
> From: owner-openldap-general@OpenLDAP.org
> [mailto:owner-openldap-general@OpenLDAP.org]On Behalf Of Richard Heller
> Sent: Sunday, February 21, 1999 10:39 AM
> To: openldap-general@OpenLDAP.org
> Subject: Attribute questions
>
>
> Hi,
>
> How do I set the access permissions on an attribute?  For example, I want
> userpasswords to be critical data that can not be read by anybody.  How do
> I set that?  Also, is there a way to specify a max/min size of a string?
> For example, if I want the userpasswords to be at least 3 characters but
> no more than 10.
>
> Thanks,
> Rich
>
>
>
>

References:
- Attribute questions
  - From: Richard Heller <rheller@prime.cs.ohiou.edu>

Prev by Date: Attribute questions
Next by Date: ldbmcat problem
Index(es):
- Chronological
- Thread