Re: openldap 2.4.40 ppolicy module and shadowInactive equivalent

["Real, Elizabeth (392K)" <Elizabeth.Real@jpl.nasa.gov>]

Quanah,

 

I found little information on this contrib nssov overlay: http://www.openldap.org/doc/admin24/guide.html#nssov

 

How do you implement it? Is it similar to adding the ppolicy overlay?

 

Thank you,

Liz

 

From: Quanah Gibson-Mount <quanah@symas.com>
Reply-To: Quanah Gibson-Mount <quanah@symas.com>
Date: Monday, October 24, 2016 at 6:29 PM
To: "Real, Elizabeth (392K)" <Elizabeth.Real@jpl.nasa.gov>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: Re: openldap 2.4.40 ppolicy module and shadowInactive equivalent

 

--On Monday, October 24, 2016 7:43 PM +0000 "Real, Elizabeth (392K)"

<Elizabeth.Real@jpl.nasa.gov> wrote:

 

I setup a password policy overlay on my openldap 2.4.40 servers running

RHEL7. I need to enforce the following: disable accounts that have been

inactive for 180 days. In the past we were able to do this by simply

adding the shadowInactive attribute to each account: shadowInactive 180.

But with the new openldap, it appears there is no equivalent attribute??

 

OpenLDAP ppolicy has never supported that attribute, as far as I know.  I

believe you are looking for the contrib nssov overlay, which does support

it.

 

Hope that helps!

 

Regards,

Quanah

 

 

 

--

 

Quanah Gibson-Mount

Product Architect

Symas Corporation

Packaged, certified, and supported LDAP solutions powered by OpenLDAP:

<http://www.symas.com>