8 Jan
2008
8 Jan
'08
5:28 p.m.
Hi Kevin,
The ITS system is for reporting defects in OpenLDAP, and the symptoms you are describing are not indicative of that. The OpenLDAP team will probably close this ITS with a comment to that effect.
The 'passwd' command is an OS tool, not part of OpenLDAP. Its interaction with OpenLDAP is through the pam_ldap module, and the conifguration of that module is most likely where your problem lies. I suggest posting this question on the pam_ldap mailing list that is operated by PADL, or requesting support from your OS vendor (RedHat?).
Cheers,
-Matt
--
Matthew Hardin
Symas Corporation - The LDAP Guys
http://www.symas.com
khxie@directv.com wrote:
> Full_Name: Kevin Xie
> Version: 2.3.39
> OS: RHEL 4 update 3
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (147.21.16.3)
>
>
> I am testing ppolicy on OpenLDAP 2.3.39 and 2.3.38.
> When user password expired, LDAP forced user to change password using "passwd",
> it bypassed all the ppolicy settings, like, PwdMinLength, PwdInHistory.
> Is there a way to force "passwd" to check LDAP ppolicy like "ldappasswd" does?
> Is it because "passwd" and "ldappasswd" using different encryption methods?
>
> I've uploaded ppolicy and slapd.conf in khxie_ppolicy.txt.
> I've google searched the issue and didn't find any anwser.
>
> Thanks for your help.
>
> Kevin Xie
>
>
> .
>
>