Hi Scott,
Thanks for your tip. It helped me to clarify my ideas and, following Jarbas' tip, I could fix my bug and solve my problem.
Thank you very much
--- Gustavo Mendes de Carvalho email: gmcarvalho@gmail.com
-----Original Message-----
From: Scott Classen [mailto:sclassen@lbl.gov]
Sent: Saturday, May 10, 2008 12:05
To: Gustavo Mendes de Carvalho
Cc: openldap-technical@openldap.org
Subject: Re: RES: password policy user configuration
I think you need to have a separate container for holding your pwdPolicy. You do not store that information in your user entry.
On May 10, 2008, at 7:20 AM, Gustavo Mendes de Carvalho wrote:
User definition

dn: uid=test,ou=orgunit,o=org
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
objectClass: shadowAccount
objectClass: person
objectClass: pwdPolicy
loginShell: /bin/bash
givenName: test
sn: test-test
displayName: test test-test
uid: test
homeDirectory: /home/test
shadowFlag: 0
shadowMax: 35
shadowWarning: 7
shadowInactive: 99999
shadowExpire: 99999
cn: test test-test
uidNumber: 12190
gidNumber: 25023
shadowMin: 10
pwdAttribute: userPassword
All the stuff below should be put in cn=mypasswdpolicy,cn=Policies,dc=example,dc=com
then you put an entry in your user account as such:
pwdPolicy: cn=mypasswdpolicy,cn=Policies,dc=example,dc=com
pwdMinAge: 30
pwdMaxAge: 120
pwdInHistory: 3
pwdMinLength: 8
pwdExpireWarning: 60
pwdLockout: TRUE
pwdLockoutDuration: 60
pwdMaxFailure: 2
pwdSafeModify: TRUE
shadowLastChange: 14006
pwdMustChange: FALSE
userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
I hope that helps, Scott
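
Added example (not part of the original thread and not OpenLDAP project code): a Python helper that applies the separation described in the reply to an entry like the one quoted, moving the pwdPolicy attributes into their own entry and linking the user to it. The link is written as pwdPolicySubentry, the attribute name defined by the ppolicy overlay; the structural class "device" for the policy entry, the function name and the abbreviated sample are assumptions.

```python
# Added example: separate ppolicy attributes from a user entry (not from the thread).
# Attributes of the pwdPolicy object class (draft-behera-ldap-password-policy).
POLICY_ATTRS = {a.lower() for a in (
    "pwdAttribute pwdMinAge pwdMaxAge pwdInHistory pwdCheckQuality pwdMinLength "
    "pwdExpireWarning pwdGraceAuthNLimit pwdLockout pwdLockoutDuration "
    "pwdMaxFailure pwdFailureCountInterval pwdMustChange pwdAllowUserChange "
    "pwdSafeModify").split()}

def split_policy(ldif, policy_dn):
    """Return (user_ldif, policy_ldif) for one unfolded LDIF entry."""
    lines = [l for l in ldif.strip().splitlines() if ":" in l]
    if not lines or not lines[0].lower().startswith("dn:"):
        raise ValueError("entry must start with a dn: line")
    rdn_value = policy_dn.split(",")[0].split("=", 1)[1]
    user = [lines[0]]
    policy = [f"dn: {policy_dn}",
              "objectClass: device",      # assumption: structural class for the policy entry
              "objectClass: pwdPolicy",
              f"cn: {rdn_value}"]
    moved = 0
    for line in lines[1:]:
        attr, value = (p.strip().lower() for p in line.split(":", 1))
        if attr == "objectclass" and value == "pwdpolicy":
            continue                      # the user entry no longer carries this class
        if attr in POLICY_ATTRS:
            policy.append(line)           # raw line kept, so base64 (::) values survive
            moved += 1
        else:
            user.append(line)             # userPassword, shadow* etc. stay with the user
    if moved:
        user.append(f"pwdPolicySubentry: {policy_dn}")
    return "\n".join(user), "\n".join(policy)

# Constructed sample, abbreviated from the entry quoted in the thread.
SAMPLE = """\
dn: uid=test,ou=orgunit,o=org
objectClass: inetOrgPerson
objectClass: pwdPolicy
uid: test
cn: test test-test
sn: test-test
pwdAttribute: userPassword
pwdMaxAge: 120
pwdLockout: TRUE
userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
"""
POLICY_DN = "cn=mypasswdpolicy,cn=Policies,dc=example,dc=com"

if __name__ == "__main__":
    print(*split_policy(SAMPLE, POLICY_DN), sep="\n\n")
```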