On 01/09/2017 at 14:45, Sebastian Perkins - Hoist Group - Switzerland
wrote:
>>OK, my understanding was that php-ldap bypassed the ppolicy ? If not
then that’s a great start.
>>I get it that if as I have bound the ssp web interface to ldap via the
root dn it will bypass anyway ?
>>No, PHP-LDAP is a client, it can't bypass a check done on server side.
But OpenLDAP allows to bypass ppolicy if modification is done with
rootdn by the client. So simply use a standard application account
>>to do the modification and ppolicy will work as expected.
Ok so the best approach would be either with a non-admin account or
the blank entry as in the docs ?
Ex
$ldap_binddn = "cn=ssp,dc=x,dc=y";
$ldap_bindpw = "XXXX";
$who_change_password = "manager"; (or user…)
or
$ldap_binddn = "";
$ldap_bindpw = "";
$who_change_password = "user";
If you use a blank entry as binddn, you will not be able to use reset
features (mail/questions/sms) as in this case the old password of the
user is not known.
--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux
137 boulevard de Magenta - 75010 PARIS
Blog: http://sflx.ca/coudot
_______________________________________________
ltb-users mailing list
ltb-users@lists.ltb-project.org
https://lists.ltb-project.org/cgi-bin/mailman/listinfo/ltb-users
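
A configuration check for the two points made in this thread, as an added example that is not part of the original messages or of the LTB project's code: it flags a Self Service Password bind DN that equals the OpenLDAP rootdn (ppolicy bypassed) and an empty bind DN (reset features unavailable). It assumes a `slapd.conf`-style `rootdn` directive; the sample inputs, function names and finding codes are constructed for illustration.

```python
import re

# Constructed sample inputs (not taken from the thread's real systems).
SSP_CONFIG = '''
$ldap_binddn = "cn=Manager, dc=x, dc=y";
$ldap_bindpw = "XXXX";
$who_change_password = "manager";
'''
SLAPD_CONF = '''
suffix  "dc=x,dc=y"
rootdn  "cn=manager,dc=x,dc=y"
'''

def normalize_dn(dn):
    """Simplified DN comparison form: lowercase, no spaces around ',' or '='.
    Assumption: no escaped commas inside attribute values."""
    rdns = [rdn.strip() for rdn in dn.split(",")]
    return ",".join("=".join(p.strip() for p in rdn.split("=", 1)).lower() for rdn in rdns)

def ssp_setting(config, name):
    """Return the double-quoted string assigned to $<name> in the PHP config, or None."""
    m = re.search(r'^\s*\$' + re.escape(name) + r'\s*=\s*"([^"]*)"\s*;', config, re.M)
    return m.group(1) if m else None

def slapd_rootdn(conf):
    """Return the value of the rootdn directive (quoted or not), or None."""
    m = re.search(r'^\s*rootdn\s+"?([^"\n]+?)"?\s*$', conf, re.M | re.I)
    return m.group(1) if m else None

def audit(config, slapd):
    """Return a list of finding codes (hypothetical names) for the SSP bind settings."""
    findings = []
    binddn = ssp_setting(config, "ldap_binddn")
    rootdn = slapd_rootdn(slapd)
    if binddn and rootdn and normalize_dn(binddn) == normalize_dn(rootdn):
        # OpenLDAP skips ppolicy checks for modifications made as rootdn.
        findings.append("BINDDN_IS_ROOTDN")
    if binddn == "":
        # Anonymous bind: the old password is unknown, so mail/questions/sms
        # reset cannot work.
        findings.append("ANONYMOUS_BIND_NO_RESET")
    return findings

if __name__ == "__main__":
    for finding in audit(SSP_CONFIG, SLAPD_CONF):
        print(finding)
```
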