[Date Prev][Date Next] [Chronological] [Thread] [Top]

Mapping attribute from ppolicy shemas to shadowaccount


Despite my search I can't find a good solution to my issue.

I would like to implement passord policy inside my LDAP server. So I will use the password policy overlay. The policy applyed to the user is located on the pwdPolicySubentry attribute of the user entry.

I would like to configure the password expiration warning on my policy. I would also that this warning will be displayed on my linux based server.

Due to the deprecation of pam_ldap module on recent system, I'm using SSSD. Despite my search, SSSD is only able to fetch the password expiration attribut inside the shadowAccount objectClass (so on the user entry).

To be able to define my policy once, I have to show and rename the ppolicy objectClass attribut referenced by the pwdPolicySubentry dn inside the user entry.

with the slapo-rwm I can map the attribute of the same leaf objectClass to another name but I'm not able to follow the pwdPolicySubentry DN and map the value of this object inside the posixAccount objectClass.

How to acheave this ?