Hi;
After reading some ppolicy HOWTOs, I've seen the following line in the slapd.conf file to assign a default password policy to users.
slapd.conf file contains: `ppolicy_default "cn=default,ou=policies,dc=example,dc=com"`
So I imagine this is used as the default policy for all users since it's defined globally.
If I have several OUs that define users, groups, etc… how would I implement a password policy per user/group?
For my setup, I would conceivably have: cn=swa-ppolicy,ou=ppolicies,dc=example,dc=com and cn=pse-ppolicy,ou=ppolicies,dc=example,dc=com
...and so on as I need policies in my directory.
How can I apply these per group or user? Would I add a field to my posix[User|Group] schema?
Thanks!
Rafael
On Tuesday 04 December 2007 01:35:57 R.B. wrote:
Hi;
After reading some ppolicy HOWTOs, I've seen the following line in the slapd.conf file to assign a default password policy to users.
slapd.conf file contains: `ppolicy_default "cn=default,ou=policies,dc=example,dc=com"`
So I imagine this is used as the default policy for all users since it's defined globally.
If I have several OUs that define users, groups, etc… how would I implement a password policy per user/group?
For my setup, I would conceivably have: cn=swa-ppolicy,ou=ppolicies,dc=example,dc=com and cn=pse-ppolicy,ou=ppolicies,dc=example,dc=com
...and so on as I need policies in my directory.
How can I apply these per group or user? Would I add a field to my posix[User|Group] schema?
Per-user, by setting the pwdPolicySubentry attribute on the entry for the user, as documented in slapo-ppolicy(5).
Regards, Buchan
Buchan Milne skrev, on 04-12-2007 14:59:
Per-user, by setting the pwdPolicySubentry attribute on the entry for the user, as documented in slapo-ppolicy(5).
ecco, ecco. I already mailed Gavin Henry about this, in the hope that it might be useful.
--Tonni
openldap-software@openldap.org
-
Buchan Milne -
R.B. -
Tony Earnshaw