Le 03/05/2013 17:04, Aaron Richton a écrit :
Any shadowAccount concepts and slapo-ppolicy are independent. Your
implementation can consider the usage of one/both/neither in a
coordinated fashion, but slapd won't help you in this manner.
Note that slapo-ppolicy operates almost entirely server-side,
any shadow-related attributes (i.e. shadowLastChange you mentioned) are
updated by LDAP clients (typically a LDAP NSS module or similar). If
you're trying to make something consistent across an entire directory,
depending on client-specific behavior is difficult unless you have tight
If I understood, It will be easier to disable shadow-related attributes
and keep slapo-ppolicy manage the password policy on server-side,
because I can't have a very hight control on the clients.
Tel : +33 (0)1 42 68 12 61