Jiri Netolicky wrote:
> Jiri Netolicky wrote:
>> Have a nice day.
>> I have to implement password policy in our OpenLdap. During testing futures
>> of ppolicy module I found that they ignore expired password when I authenticate
>> user by SASL DIGEST-MD5.
>> When I try on exprired account:
> Correct. Password policies as currently defined in LDAP only affect
> Simple Binds.
Many thanks for quick answer.
Do you plan in near future implement password policy in other
authentication methods? If not the only way for me is disable SASL
and force bind authentication secured by SSL or TLS.
It is certainly desirable, but pushing the SASL specification is really
outside the scope of LDAP. So yes, we are pushing for this, but have no
idea how long it will take.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/