[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP strong password enforcement

On Wednesday 14 December 2005 16:33, Henderson, Ron wrote:
> Good morning all,
> I am new to the list, and I am new to openldap. I am trying to use openldap
> as an user management tool to provide authentication to a distributed
> application. There are some here that really are pushing to use MS Active
> Directory, something I would like to avoid, however I need to enforce
> strong passwords. Is there any way to make openldap support the following
> password rules?
>        Password Generations,
>        Restricted word list,
>        Password composition rules (Upper, lower, digits, special, etc)
>        Password change polices
>        Account enabled/disabled
>        Account locked out.
>        Failed login limit
>        Min password length
>        Max password length
>        Min Number char different from last
> Again I am sorry if my questions have been answered 100 times before. I
> tried to use the FAQ-A-Matic and did not find anything, and I am under a
> time crunch to get answers. Can any of you help me out?

Consult the slapo-ppolicy man page.

The clients that will be using the LDAP directory for password changes and 
authentication (ie pam_ldap, samba etc) may also be relevant, and also 
whether you will be using strong authentication (ie Kerberos/SASL-gssapi), in 
which case you may also want to look at the smbk5pwd overlay.


Buchan Milne
ISP Systems Specialist

Attachment: pgpR5P1TRj9N3.pgp
Description: PGP signature