Hello there,

    We have 40 machines in an educational informatics lab authenticating
with LDAP. I am using the Python ldap module as a management tool. I am
experiencing two problems right now. The first one is that when a user accesses
LDAP through Python, the ppolicy pwdMinLength doesn't work. The user can freely
set a password that is too short. That doesn't happen when using passwd. Check
out the Python code snippet:

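import ldap
# DN of the user whose password is being changed
dn = 'uid=%s,ou=People,dc=example,dc=com' % 'user1'
con = ldap.initialize('ldapi:///')
# bind as that user, prompting for the current password
con.bind_s(dn, raw_input('Password: '))
# Password Modify as the bound user; the new password '1' is a single character
con.passwd_s(dn, None, '1')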

   In the default_ppolicy entry, pwdMinLength is set to 5; even so, the
code above works for regular users and they can set passwords that are too short.

   The second thing is that in the lab, users sometimes need to be disabled
for periods of time (2 weeks, for instance). I guessed I could set
pwdAccountLockedTime to now and pwdLockoutDuration to the duration and the
user would be automatically unlocked after that time, but it doesn't seem to
work. I guess these directives are only valid when pwdFailureTime is set
by the authentication methods. Can someone confirm that I can't manually set
pwdAccountLockedTime and pwdLockoutDuration to block user access for a
given period? What would be the alternatives?
    I hope I haven't missed the answers because of a lack of English skills. I
have "googled" a lot about that, but nothing useful came up. The mailing list
archive search in openldap-technical doesn't return anything, even when I
try ldap or ppolicy. I browsed some monthly archives but found nothing by the
e-mail subjects.

   Thanks in advance for any help and answers. I hope I have been understood
and sorry about any mistakes I've made concerning the language.

Theo

-- 
Thought Governs the Universe

http://www.999thnight.com
http://www.unreversed.com
