Hi, all
I want to set my LDAP user's password to expire on the Linux server. How can I do this? Or does the LDAP service read the Linux system's /etc/login.defs file?
Thanks.
Password Policy. The OpenLDAP Admin Guide and Google are your friends.
- chris
(Sorry for dbl send Gary - I'd forgotten to reply-to-all)
Chris Jacobs, Systems Administrator, Technology Services Group
Apollo Group | Apollo Marketing and Product Development | Aptimus, Inc.
1501 4th Ave | Suite 2500 | Seattle, WA 98101
direct 206.839.8245 | cell 206.601.3256 | fax 206.644.0628
email chris.jacobs@apollogrp.edu
________________________________
From: openldap-technical-bounces@OpenLDAP.org
To: openldap-technical@openldap.org
Sent: Thu Nov 10 19:10:46 2011
Subject: About set LDAP passwd expires
> Hi, all
> I want to set my LDAP user's password to expire on the Linux server. How can I do this? Or does the LDAP service read the Linux system's /etc/login.defs file?
> Thanks.
On 11/11/2011 03:31, Chris Jacobs wrote:
> Password Policy. The OpenLDAP Admin Guide and Google are your friends.
That's good for LDAP authentication, but when you want to put Linux users in LDAP you also need to configure NSS and PAM to use it.
And for most distributions nssov (which, if I understand the issue rightly, is the way to use ppolicy for NSS) is neither packaged nor supported (and is not documented either, at least in the Guide).
So at least for me the traditional posixAccount and posixGroup are still a better option (and there are many management packages you can use).
Simone
Simone Piccardi wrote:
> On 11/11/2011 03:31, Chris Jacobs wrote:
>> Password Policy. The OpenLDAP Admin Guide and Google are your friends.
> That's good for LDAP authentication, but when you want to put Linux users in LDAP you also need to configure NSS and PAM to use it.
> And for most distributions nssov (which, if I understand the issue rightly, is the way to use ppolicy for NSS) is neither packaged nor supported (and is not documented either, at least in the Guide).
When did nssov come into the discussion? pam_ldap supports the password policy extension.
The Admin Guide has only ever been a Guide, not an exhaustive reference. The manpages are always the complete and authoritative documentation. If you choose not to use features because they aren't mentioned in the Guide, you're shortchanging yourself.
> So at least for me the traditional posixAccount and posixGroup are still a better option (and there are many management packages you can use).
On 11/11/2011 03:10, Gary Jsz wrote:
> Hi, all
> I want to set my LDAP user's password to expire on the Linux server. How can I do this? Or does the LDAP service read the Linux system's /etc/login.defs file?
If you use (as almost all distributions are doing) the traditional posixAccount approach, you must set the shadowMax attribute to the maximum number of days the password can be considered valid. And be sure that when you change a user's password the shadowLastChange attribute is updated.
Simone
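Added example, not part of the original thread: a small audit that applies shadow(5) ageing rules to the shadowLastChange, shadowMax and shadowWarning attributes mentioned in the reply above, to flag accounts whose passwords never expire or have already expired. The LDIF entries, function names and status labels are constructed for illustration; the day-count semantics are assumed to follow shadow(5).

```python
from datetime import date

# Constructed sample entries (ldapsearch-style LDIF); not taken from the thread.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: shadowAccount
shadowLastChange: 15100
shadowMax: 90

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: shadowAccount
shadowLastChange: 15205
shadowMax: 90
shadowWarning: 7

dn: uid=carol,ou=People,dc=example,dc=com
objectClass: posixAccount
"""

def parse_ldif(text):
    """Parse simple LDIF (no line wrapping, no base64 values) into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            entry[key.lower()] = value  # last value wins; enough for this check
        entries.append(entry)
    return entries

def password_status(entry, today):
    """Classify one entry the way shadow(5) ageing treats these fields."""
    last, max_days = entry.get("shadowlastchange"), entry.get("shadowmax")
    if last is None or max_days is None or int(max_days) < 0:
        return "no-expiry"      # ageing is not configured for this account
    if int(last) == 0:
        return "must-change"    # 0 forces a password change at next login
    now = (today - date(1970, 1, 1)).days  # fields count days since the epoch
    expires = int(last) + int(max_days)
    if now > expires:
        return "expired"
    if now >= expires - int(entry.get("shadowwarning", 0)):
        return "warning"
    return "ok"

def audit(text, today):
    """Map each DN in the LDIF text to its password ageing status."""
    return {e["dn"]: password_status(e, today) for e in parse_ldif(text)}

if __name__ == "__main__":
    for dn, status in audit(SAMPLE_LDIF, date(2011, 11, 11)).items():
        print(f"{status:10} {dn}")
```

An account reported as no-expiry here is one where shadowMax or shadowLastChange was never written, which is the case the reply warns about when password changes do not update shadowLastChange.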