Setting up user accounts with ppolicy attributes
I've been working with OpenLDAP 2.3.30 to set up ppolicy processing. I
think I have the policies set up correctly in the LDAP database using the
following ppolicy.ldif file:
dn: ou=policies, dc=my-domain,dc=com
# 30 day password limit (2592000 seconds) with an even longer expire warning
# Items not currently used.
and the following entries in the slapd.conf file:
# password policy
However, I'm having trouble creating user accounts.
Looking at the OpenLDAP documentation and the ppolicy.schema file, it
appears that I need to include objectClass: pwdPolicy as an auxiliary class
(along with posixAccount, which is the basic user account class), and then
include attributes for pwdChangedTime, pwdAccountLockedTime, pwdHistory,
etc. The ppolicy.schema file indicates that the format in the ldif file
should actually be something like:
for pwdChangedTime. The format for pwdHistory sounds really complex, and
the doc indicates that if this attribute is missing, OpenLDAP will not
support password history processing, so it sounds like I need to get these
attributes into the account structure.
Trouble is, if I try to include such values I either get an import failure
without error messages, an error that says "no user modification allowed"
(even when I'm adding an account), or an indication that I'm using an
Does anyone have an example LDIF file that shows how to set up a user
account to track ppolicy processing? I have the feeling I'm missing
something really obvious here, but I absolutely don't see it yet.
Thanks for any help that anyone can provide.
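Added example, not part of the original post and not OpenLDAP project code: a pre-import check for the "no user modification allowed" failure described above, which reports every entry in an LDIF file that tries to set a password-state attribute. It assumes the attributes listed in `SERVER_MAINTAINED` are maintained by the server and marked NO-USER-MODIFICATION in your ppolicy schema; the function names and the sample entries are constructed for illustration.

```python
import base64

# Assumption (not from the post): these state attributes are written by the
# server itself and marked NO-USER-MODIFICATION; confirm in your ppolicy schema.
SERVER_MAINTAINED = {"pwdchangedtime", "pwdhistory", "pwdfailuretime", "pwdgraceusetime"}

# Constructed sample input: one entry sets pwdChangedTime (folded across two
# physical lines to exercise LDIF unfolding), the other is clean.
SAMPLE = """\
dn: uid=alice,ou=people,dc=my-domain,dc=com
objectClass: posixAccount
uid: alice
pwdChan
 gedTime: 20070101000000Z

# clean entry
dn: uid=bob,ou=people,dc=my-domain,dc=com
objectClass: posixAccount
uid: bob
"""

def unfold(text):
    """Join LDIF continuation lines (leading space), then drop comment lines."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical and logical[-1]:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    return [line for line in logical if not line.startswith("#")]

def entries(text):
    """Yield (dn, [lower-cased attribute names]) for each blank-line-separated entry."""
    dn, attrs = None, []
    for line in unfold(text) + [""]:
        if not line.strip():
            if dn is not None:
                yield dn, attrs
            dn, attrs = None, []
            continue
        name, sep, value = line.partition(":")
        name = name.split(";")[0].strip().lower()  # drop options such as ;binary
        if name == "dn":  # "dn::" carries a base64-encoded DN
            dn = (base64.b64decode(value[1:]).decode() if value.startswith(":") else value).strip()
        elif sep:
            attrs.append(name)

def lint(text, blocked=SERVER_MAINTAINED):
    """Return (dn, attribute) pairs that the server is expected to reject."""
    return [(dn, a) for dn, attrs in entries(text) for a in attrs if a in blocked]
```

Running `lint()` over a file before `ldapadd` or `slapadd` names the offending entry and attribute, which the import failure without error messages does not.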