--On Monday, October 24, 2016 7:43 PM +0000 "Real, Elizabeth (392K)" Elizabeth.Real@jpl.nasa.gov wrote:
I setup a password policy overlay on my openldap 2.4.40 servers running RHEL7. I need to enforce the following: disable accounts that have been inactive for 180 days. In the past we were able to do this by simply adding the shadowInactive attribute to each account: shadowInactive 180. But with the new openldap, it appears there is no equivalent attribute??
OpenLDAP ppolicy has never supported that attribute, as far as I know. I believe you are looking for the contrib nssov overlay, which does support it.
Hope that helps!
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
Quanah,
I found little information on this contrib nssov overlay: http://www.openldap.org/doc/admin24/guide.html#nssov
How do you implement it? Is it similar to adding the ppolicy overlay?
Thank you, Liz
From: Quanah Gibson-Mount quanah@symas.com Reply-To: Quanah Gibson-Mount quanah@symas.com Date: Monday, October 24, 2016 at 6:29 PM To: "Real, Elizabeth (392K)" Elizabeth.Real@jpl.nasa.gov, "openldap-technical@openldap.org" openldap-technical@openldap.org Subject: Re: openldap 2.4.40 ppolicy module and shadowInactive equivalent
--On Monday, October 24, 2016 7:43 PM +0000 "Real, Elizabeth (392K)" <Elizabeth.Real@jpl.nasa.govmailto:Elizabeth.Real@jpl.nasa.gov> wrote:
I setup a password policy overlay on my openldap 2.4.40 servers running RHEL7. I need to enforce the following: disable accounts that have been inactive for 180 days. In the past we were able to do this by simply adding the shadowInactive attribute to each account: shadowInactive 180. But with the new openldap, it appears there is no equivalent attribute??
OpenLDAP ppolicy has never supported that attribute, as far as I know. I believe you are looking for the contrib nssov overlay, which does support it.
Hope that helps!
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
openldap-technical@openldap.org