[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: deploying password policy module
- To: "'Michael Ströder'" <michael@stroeder.com>, <openldap-technical@openldap.org>
- Subject: RE: deploying password policy module
- From: "Paul B. Henson" <henson@acm.org>
- Date: Mon, 28 Apr 2014 18:35:27 -0700
- Content-language: en-us
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:from:to:references:in-reply-to:subject:date:message-id :mime-version:content-type:content-transfer-encoding:thread-index :content-language; bh=MW3AB67DlRjSM01karkX44pCum5Zhoed+QtbJPgjd+8=; b=HDrZQj9XNteVt3yYDmGZvbboJrgkv9JzGkGi1nVYnd1kjmM6h0KHx4MpCdr0Pwzsy4 ZLOKyLhroBIn1s3Q7tY5Prp1AHbH89uWvuQqDvOPSmiewt+nOBq9XLHQfVv8tfJ1jb9R /GN3TS96BHkSAtiiiywfwRLP+DeuP0kpCNa2K6l07Wx52u3/jqANuw3RNCkj/O14JQzP JCLIczR5O37U8VQvkHHiiQRIEzm2nxQHD0IMfZD5jGujBX9S8/OCLhwCre6uI80XTyw7 lnErVqkgUPtukAzzZ1ZbTtl6bfTVDepCEVigy6/06r934SurwMLOhK5f6mhCzj5Xs0oh /umg==
- In-reply-to: <535DF497.9040606@stroeder.com>
- References: <054601cf5f53$6bea5f80$43bf1e80$@acm.org> <20140428015553.GA1541@bender.unx.csupomona.edu> <535DF497.9040606@stroeder.com>
- Thread-index: AQITbWbuK5/1i31wqUbPafa2JIqQhwKFLPRaAfplvleae76EoA==
> From: Michael Ströder
> Sent: Sunday, April 27, 2014 11:27 PM
>
> Sometimes it's handy to see when people had failed logins even if you
don't
> apply lockout policy.
It would be even more handy to be able to roll out password policy support
without having to shut down your entire LDAP infrastructure ;).
> You simply should not load slapo-ppolicy without also loading its schema.
On a given server, obviously. However, ideally, you should be able to load
the module on a given server but not have it actually do anything until
password policies are actually applied, allowing you to stage the rollout
across your servers until the module is loaded everywhere (with no instance
where every single server was unavailable).