[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: User account policies

tor, 2002-07-11 kl. 07:29 skrev Michael Fuller:

> One more query regarding user account administration. I need to implement
> the following for user accounts in OpenLDAP v2.x

> 1. Temporary disabling of a user account - Like when a manager goes on
> vacation and wants to prevent misuse
> 2. Minimum password length.
> 3. Password aging, and notification to user when password is about expire.
> 4. Minimum password age.

Although you said in your previous posting that you didn't want admin
tools for your users, if you are (as I am) learning openldap/LDAPv3, you
should *definitely* get the latest GQ and play around with it. It will
teach you basic schema structure and rules more quickly than anything


If you make your users Unix users and if you have /etc/shadow as the
password base rather than the LDAP password base, the shadowAccount /
Posix* combo will let you do just what you describe above.

Someone else might have a solution for LDAP-based passwords, but I doubt
it, since this has (obviously) been asked before. No one seemed to have
a ready answer.




Tony Earnshaw

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl
gpg public key:	http://www.billy.demon.nl/tonni.armor

Telefoon:	(+31) (0)172 530428
Mobiel:		(+31) (0)6 51153356

GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981

Attachment: signature.asc
Description: Dette er en digitalt signert meldingsdel