[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: openldap 2.4.40 ppolicy module and shadowInactive equivalent



Hi Elizabeth,

You would likely need to compile it yourself, as I'm not aware of any distributions that ship NSSOV (although some may).

There is more information on it here:

<http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=contrib/slapd-modules/nssov/README;h=a25cf75b17222570e4cc72dda2b951223f8988fe;hb=refs/heads/OPENLDAP_REL_ENG_2_4>

Hope that helps!

Regards,
Quanah

--On Tuesday, October 25, 2016 5:09 PM +0000 "Real, Elizabeth (392K)" <Elizabeth.Real@jpl.nasa.gov> wrote:



Quanah,



I found little information on this contrib nssov overlay:
http://www.openldap.org/doc/admin24/guide.html#nssov



How do you implement it? Is it similar to adding the ppolicy overlay?




Thank you,

Liz



From: Quanah Gibson-Mount <quanah@symas.com>
Reply-To: Quanah Gibson-Mount <quanah@symas.com>
Date: Monday, October 24, 2016 at 6:29 PM
To: "Real, Elizabeth (392K)" <Elizabeth.Real@jpl.nasa.gov>,
"openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: Re: openldap 2.4.40 ppolicy module and shadowInactive equivalent




--On Monday, October 24, 2016 7:43 PM +0000 "Real, Elizabeth (392K)"

<Elizabeth.Real@jpl.nasa.gov> wrote:





I setup a password policy overlay on my openldap 2.4.40 servers running

RHEL7. I need to enforce the following: disable accounts that have been

inactive for 180 days. In the past we were able to do this by simply

adding the shadowInactive attribute to each account: shadowInactive 180.

But with the new openldap, it appears there is no equivalent attribute??





OpenLDAP ppolicy has never supported that attribute, as far as I know.  I

believe you are looking for the contrib nssov overlay, which does support

it.



Hope that helps!



Regards,

Quanah







--



Quanah Gibson-Mount

Product Architect

Symas Corporation

Packaged, certified, and supported LDAP solutions powered by OpenLDAP:

<http://www.symas.com>







--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>