Re: Configuring ppolicy problem

Le 29/08/2012 20:52, cbulist a écrit : > Thanks Clement and Guillaume for your reply. > > This is my operational attributes for my user: > > dn: cn=user1,ou=policies,dc=samle,dc=com > objectClass: pwdPolicy > objectClass: top > objectClass: shadowAccount > objectClass: inetOrgPerson > objectClass: organizationalPerson > objectClass: person > cn: user1 > pwdAttribute: userPassword > sn: user1 > uid: user1 > pwdAllowUserChange: TRUE > pwdExpireWarning: 10 > pwdLockout: TRUE > pwdMaxAge: 15 > pwdMustChange: TRUE Those are plain attributes, not *operational* attributes. > Guillaume: > I know that my access configuration is dangereous but how I am testing I > just want to be sure don't block anything. > If I understood your concept I can't use pwdPolicy for unix account. Is > there any way to control password history with shadowAccount?.. Not with shadowAccount, but with password policy. Just create a pwdPolicy object, instance of pwdPolicy class, and apply it to either all your users, through slapd.conf ppolicy_default setting, or just to some of your users, through its operational pwdPolicySubentry attribute. Basically, you should have distinct user and policy objects, such as: dn: cn=user1,ou=users,dc=samle,dc=com objectClass: shadowAccount objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person cn: user1 sn: user1 uid: user1 userPassword: XXXX dn: cn=default,ou=policies,dc=samle,dc=com objectClass: pwdPolicy objectClass: top pwdAllowUserChange: TRUE pwdExpireWarning: 10 pwdLockout: TRUE pwdMaxAge: 15 pwdMustChange: TRUE