
Re: Ppolicy issues



On Wednesday 20 February 2008 17:10:00 Bryan Payne wrote:
> Thank you for your help. I added the pwdPolicySubentry to a user to no
> avail. I did find this in the logfile though:
>
> Feb 20 09:01:13 ldapserver slapd[6709]: conn=95289 op=4 SEARCH RESULT
> tag=101 err=50 nentries=0 text=Operations are restricted to
> bind/unbind/abandon/StartTLS/modify password
>
> So it looks like it's trying to do something but cannot. While I'm
> concerned about password strength, I'm more concerned (at this point)
> with just having the machine prompt for a password change. 

Well, what do you mean by "the machine"? It looks like the password has
expired, but if you're expecting a prompt for a password change, that's a
client-side issue. So, what is the client in this case? Recent versions of
pam_ldap support ppolicy (IIRC including the one shipped with RHEL4), but you
didn't say which client this is.

Also, you said accounts get locked, but users can still log in? This sounds 
like you might not actually be using pam_ldap for authentication, but the 
pam_unix->nss_ldap (NIS replacement and nothing more) method, which won't see 
anything relating to ppolicy.

Regards,
Buchan
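
An added example, not part of the original message: a Python sketch that scans slapd log lines for the restricted-operations result quoted above and maps each affected connection to the DN that bound on it. The BIND lines, the DNs and conn=95290 in the sample are constructed; only the err=50 line comes from the thread.

```python
import re

# Constructed sample in slapd's stats log format. The err=50 line matches the
# one quoted in the thread; the BIND lines, DNs and conn=95290 are invented.
SAMPLE_LOG = """\
Feb 20 09:01:12 ldapserver slapd[6709]: conn=95289 op=0 BIND dn="uid=jdoe,ou=people,dc=example,dc=com" method=128
Feb 20 09:01:12 ldapserver slapd[6709]: conn=95289 op=0 RESULT tag=97 err=0 text=
Feb 20 09:01:13 ldapserver slapd[6709]: conn=95289 op=4 SEARCH RESULT tag=101 err=50 nentries=0 text=Operations are restricted to bind/unbind/abandon/StartTLS/modify password
Feb 20 09:01:14 ldapserver slapd[6709]: conn=95290 op=0 BIND dn="uid=asmith,ou=people,dc=example,dc=com" method=128
Feb 20 09:01:14 ldapserver slapd[6709]: conn=95290 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

# A BIND request line carries the DN; later lines only carry the conn id.
BIND_RE = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)"')
# The ppolicy refusal: err=50 plus the fixed diagnostic text.
RESTRICTED_RE = re.compile(
    r'conn=(\d+) op=(\d+) .*\berr=50\b.*text=Operations are restricted to')


def restricted_binds(log_text):
    """Return {conn_id: {"dn": ..., "ops": [...]}} for restricted connections."""
    bound_dn = {}  # conn id -> DN from the most recent BIND on that connection
    hits = {}
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            bound_dn[m.group(1)] = m.group(2)
            continue
        m = RESTRICTED_RE.search(line)
        if m:
            conn, op = m.group(1), int(m.group(2))
            # The BIND may have been logged before the excerpt starts.
            entry = hits.setdefault(
                conn, {"dn": bound_dn.get(conn, "<bind not in log>"), "ops": []})
            entry["ops"].append(op)
    return hits


if __name__ == "__main__":
    for conn, info in restricted_binds(SAMPLE_LOG).items():
        print(f"conn={conn} dn={info['dn']} refused ops={info['ops']}")
```

A DN listed here is one whose session the server limited to the operations named in the log text; whether the user is then prompted to change the password depends on the client, as the reply notes.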