
RES: RES: password policy user configuration



Hi Scott,

Thanks for your tip. It helped me clarify my ideas, and following Jarbas'
tip, I could fix my bug and solve my problem.

Thank you very much 


---
Gustavo Mendes de Carvalho
email: gmcarvalho@gmail.com

-----Original Message-----
From: Scott Classen [mailto:sclassen@lbl.gov]
Sent: Saturday, May 10, 2008 12:05
To: Gustavo Mendes de Carvalho
Cc: openldap-technical@openldap.org
Subject: Re: RES: password policy user configuration

I think you need to have a separate container for holding your pwdPolicy.
You do not store that information in your user entry.


On May 10, 2008, at 7:20 AM, Gustavo Mendes de Carvalho wrote:
>
> User definition
> dn: uid=test,ou=orgunit,o=org
> objectClass: posixAccount
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: shadowAccount
> objectClass: person
> objectClass: pwdPolicy
> loginShell: /bin/bash
> givenName: test
> sn: test-test
> displayName: test test-test
> uid: test
> homeDirectory: /home/test
> shadowFlag: 0
> shadowMax: 35
> shadowWarning: 7
> shadowInactive: 99999
> shadowExpire: 99999
> cn: test test-test
> uidNumber: 12190
> gidNumber: 25023
> shadowMin: 10
> pwdAttribute: userPassword

All the stuff below should be put in
cn=mypasswdpolicy,cn=Policies,dc=example,dc=com

then you put an entry in your user account as such:

pwdPolicy: cn=mypasswdpolicy,cn=Policies,dc=example,dc=com



>
> pwdMinAge: 30
> pwdMaxAge: 120
> pwdInHistory: 3
> pwdMinLength: 8
> pwdExpireWarning: 60
> pwdLockout: TRUE
> pwdLockoutDuration: 60
> pwdMaxFailure: 2
> pwdSafeModify: TRUE
> shadowLastChange: 14006
> pwdMustChange: FALSE
> userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>


I hope that helps,
Scott
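
The split Scott describes, written out as LDIF with the values quoted in this thread; this is an added example, not text from either poster. It assumes the cn=Policies,dc=example,dc=com container already exists in the database where the ppolicy overlay is loaded, uses device as the structural class of the policy entry, and points the user at the policy with pwdPolicySubentry, the attribute the ppolicy overlay reads for a per-user policy.

```ldif
# Constructed from the attribute values quoted in this thread.
# Policy entry: carries the pwdPolicy objectClass and all pwd* settings.
# "device" is an assumed structural class; pwdPolicy itself is auxiliary.
dn: cn=mypasswdpolicy,cn=Policies,dc=example,dc=com
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: mypasswdpolicy
pwdAttribute: userPassword
# ppolicy reads the four time values below in seconds.
pwdMinAge: 30
pwdMaxAge: 120
pwdExpireWarning: 60
pwdLockoutDuration: 60
pwdInHistory: 3
pwdMinLength: 8
pwdLockout: TRUE
pwdMaxFailure: 2
pwdSafeModify: TRUE
pwdMustChange: FALSE

# User entry: no pwdPolicy objectClass and no pwd* settings, only a pointer.
dn: uid=test,ou=orgunit,o=org
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: test
cn: test test-test
sn: test-test
givenName: test
displayName: test test-test
loginShell: /bin/bash
homeDirectory: /home/test
uidNumber: 12190
gidNumber: 25023
shadowLastChange: 14006
shadowMin: 10
shadowMax: 35
shadowWarning: 7
shadowInactive: 99999
shadowExpire: 99999
shadowFlag: 0
userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
pwdPolicySubentry: cn=mypasswdpolicy,cn=Policies,dc=example,dc=com
```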