Hello,
Well, you might want to take a look at the recent thread
"removing ppolicy overlay" (especially Frank Swasey's latest
answer).
If you do not want to go through the hassle of editing your LDAP
database to remove all ppolicy attributes, you may leave the
password policy overlay enabled without any default policy set,
which would be basically the same as having it disabled since no
policy would be enforced.
For this to work, you will want to check if there is no
"pwdPolicySubentry" attribute somewhere, that would explicitely
enable a password policy on the object.
Have a nice day,
--
Matthieu CERDA
Le 23/04/2018 à 07:22, Tayyab Saeed a
écrit :
Dear All,
How can we disable password policy completely?
Thanks,
Tayyab Saeed
From:
"Dave Macias" <davama@gmail.com>
To: "Tayyab Saeed" <tayyab.saeed@nds.com.pk>
Cc: openldap-technical@openldap.org, "Matthieu
Cerda" <matthieu.cerda@nbs-system.com>
Sent: Thursday, April 19, 2018 5:36:04 PM
Subject: Re: exempt some users from OpenLDAP
password policy
What your ldap tree look like (the relevant parts,
users, current ppolicy)?
As far as links, there are soo many out there. Just
search for one that fits your enviroment
Here is how to add a ppolicy in the first place.
How to add ppolicy to specific objects:
As Matthieu already mentioned, assuming you already
have a ppolicy, then you would need to create a less
restrictive policy and apply to specific users using
the pwdPolicySubentry attribute
regards,
dave
On Apr 15, 2018, 11:50 PM -0400, Tayyab Saeed < tayyab.saeed@nds.com.pk>,
wrote:
Dear
All,
I am sorry but still unable to configure the
same, could anyone please share the complete
steps / link so i can setup the same.
Thanks,
Tayyab Saeed
From:
"Dave Macias" < davama@gmail.com>
To: "Matthieu Cerda" < matthieu.cerda@nbs-system.com>
Cc: openldap-technical@openldap.org
Sent: Friday, April 13, 2018 8:27:04 PM
Subject: Re: exempt some users from
OpenLDAP password policy
Here is an example which you
can apply per-user which needs to be
exempted:
dn:
cn=ppolicy-exclude,ou=policies,dc=organization,dc=org
cn: ppolicy-exclude
objectClass: top
objectClass: device
objectClass: pwdPolicyChecker
objectClass: pwdPolicy
pwdAttribute: userPassword
pwdAllowUserChange: TRUE
pwdMustChange: FALSE
pwdLockout: FALSE
--
Matthieu Cerda
Infrastructure, BU Means @ NBS System
|