Re: RES: password policy user configuration

I think you need to have a separate container for holding your pwdPolicy. You do not store that information in your user entry.

On May 10, 2008, at 7:20 AM, Gustavo Mendes de Carvalho wrote:

User definition
dn: uid=test,ou=orgunit,o=org
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
objectClass: shadowAccount
objectClass: person
objectClass: pwdPolicy
loginShell: /bin/bash
givenName: test
sn: test-test
displayName: test test-test
uid: test
homeDirectory: /home/test
shadowFlag: 0
shadowMax: 35
shadowWarning: 7
shadowInactive: 99999
shadowExpire: 99999
cn: test test-test
uidNumber: 12190
gidNumber: 25023
shadowMin: 10
pwdAttribute: userPassword

All the stuff below should be put in cn=mypasswdpolicy,cn=Policies,dc=example,dc=com

then you put an entry in your user account as such:

pwdPolicy: cn=mypasswdpolicy,cn=Policies,dc=example,dc=com

pwdMinAge: 30
pwdMaxAge: 120
pwdInHistory: 3
pwdMinLength: 8
pwdExpireWarning: 60
pwdLockout: TRUE
pwdLockoutDuration: 60
pwdMaxFailure: 2
pwdSafeModify: TRUE
shadowLastChange: 14006
pwdMustChange: FALSE
userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

I hope that helps,
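
The separation described in this reply, as an added example that is not part of the original message or of OpenLDAP itself: a small Python helper that takes a user entry with policy attributes mixed in and splits it into a cleaned user entry plus a standalone policy entry. The function name, the `device` structural class on the policy entry, and the shortened sample entry are assumptions; the pointer attribute name is the `link_attr` parameter, defaulting to `pwdPolicySubentry`, the name used by the ppolicy overlay schema.

```python
# Added example: split a user entry that carries pwdPolicy attributes into
# a user entry and a separate policy entry. Assumes one unfolded LDIF entry.

# Attributes defined by the pwdPolicy object class (compared lowercase).
POLICY_ATTRS = {a.lower() for a in (
    "pwdAttribute", "pwdMinAge", "pwdMaxAge", "pwdInHistory",
    "pwdCheckQuality", "pwdMinLength", "pwdExpireWarning",
    "pwdGraceAuthNLimit", "pwdLockout", "pwdLockoutDuration",
    "pwdMaxFailure", "pwdFailureCountInterval", "pwdMustChange",
    "pwdAllowUserChange", "pwdSafeModify")}

POLICY_DN = "cn=mypasswdpolicy,cn=Policies,dc=example,dc=com"  # DN from the reply

# Constructed sample: a shortened version of the entry quoted in the thread.
SAMPLE = """\
dn: uid=test,ou=orgunit,o=org
objectClass: inetOrgPerson
objectClass: pwdPolicy
uid: test
cn: test test-test
sn: test-test
pwdAttribute: userPassword
pwdMaxAge: 120
pwdLockout: TRUE
pwdMaxFailure: 2
userPassword: {SSHA}XXXXXXXX
"""

def split_entry(ldif, policy_dn, link_attr="pwdPolicySubentry"):
    """Return (user_ldif, policy_ldif); lines are kept verbatim."""
    user, policy = [], []
    for line in ldif.strip().splitlines():
        attr, _, value = line.partition(":")
        if attr.strip().lower() in POLICY_ATTRS:
            policy.append(line)          # policy setting: move to policy entry
        elif attr.strip().lower() == "objectclass" and value.strip().lower() == "pwdpolicy":
            continue                     # policy class does not belong on the user
        else:
            user.append(line)
    user.append(f"{link_attr}: {policy_dn}")   # point the user at the policy
    rdn_attr, _, rdn_val = policy_dn.split(",")[0].partition("=")
    header = [f"dn: {policy_dn}",
              "objectClass: device",     # assumption: structural class for the policy entry
              "objectClass: pwdPolicy",
              f"{rdn_attr}: {rdn_val}"]
    return "\n".join(user), "\n".join(header + policy)

if __name__ == "__main__":
    print(*split_entry(SAMPLE, POLICY_DN), sep="\n\n")
```
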