[Date Prev][Date Next]
- To: firstname.lastname@example.org
- Subject: ppolicy
- From: Frank Swasey <Frank.Swasey@uvm.edu>
- Date: Wed, 21 Apr 2010 11:50:31 -0400
- User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:22.214.171.124) Gecko/20100317 Lightning/1.0b1 Thunderbird/3.0.4
We are setting up a new service that is going to actually hold passwords
in the OpenLDAP database instead of using Kerberos (via sasl and
saslauthd). To that end, I'm investigating ppolicy.
However, what I haven't found in the man page (slapo-ppolicy), or the
Admin Guide, or the FAQ-O-Matic is whether I need to configure ppolicy
on the master and the replicas or just the master.
My assumption is that I need to set up ppolicy on the replicas as well
as the master -- otherwise those pwd* operational attributes are not
going to be legal on the replica and I'll get in trouble. I haven't set
up a test environment with a replica yet -- so, I'm asking here.
I also see in the FAQ that ppolicy only works on OpenLDAP versions
greater than 2.3 (item 2 of the ppolicy checklist). So, I'm sensing
that ppolicy in OpenLDAP v2.3.x is not really completely functional? Am
I reading too much into the entry in the FAQ?
Frank Swasey | http://www.uvm.edu/~fcs
Sr Systems Administrator | Always remember: You are UNIQUE,
University of Vermont | just like everyone else.
"I am not young enough to know everything." - Oscar Wilde (1854-1900)