>>OK, my understanding was that php-ldap bypassed the ppolicy ? If not then >>that's a great start. >>I get it that if as I have bound the ssp web interface to ldap via the root >>dn it will bypass anyway ?
>>No, PHP-LDAP is a client, it can't bypass a check done on server side. But >>OpenLDAP allows to bypass ppolicy if modification is done with rootdn by the >>client. So simply use a standard application account >>to do the modifiation >>and ppolicy will work as expected. Ok so the best approach would be either with a non adming account or the blank entry as in the docs ? Ex $ldap_binddn = "cn=ssp,dc=x,dc=y"; $ldap_bindpw = "XXXX"; $who_change_password = "manager"; (or user...) or $ldap_binddn = ""; $ldap_bindpw = ""; $who_change_password = "user"; Sebastian -- Clément OUDOT Consultant en logiciels libres, Expert infrastructure et sécurité Savoir-faire Linux 137 boulevard de Magenta - 75010 PARIS Blog: http://sflx.ca/coudot
_______________________________________________ ltb-users mailing list [email protected] https://lists.ltb-project.org/cgi-bin/mailman/listinfo/ltb-users
