Re: About set LDAP passwd expires

2011-11-14 Thread Howard Chu

Simone Piccardi wrote:

> On 11/11/2011 03:31, Chris Jacobs wrote:
>> Password Policy. The OpenLDAP Admin Guide and Google are your friends.
>
> That's good for LDAP authentication, but when you want to put Linux
> users in LDAP then you also need to configure NSS and PAM to use it.
>
> And for most distributions nssov (which, if I understand the issue rightly,
> is the way to use ppolicy for NSS) is neither packaged nor supported (and is
> not documented either, at least in the Guide).


When did nssov come into the discussion? pam_ldap supports the password policy 
extension.


The Admin Guide has only ever been a Guide, not an exhaustive reference. The 
manpages are always the complete and authoritative documentation. If you 
choose not to use features because they aren't mentioned in the Guide, you're 
shortchanging yourself.



> So at least for me the traditional posixAccount and posixGroup are still
> a better option (and there are many management packages you can use).



--
  -- Howard Chu
  CTO, Symas Corp.   http://www.symas.com
  Director, Highland Sun http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/



Re: About set LDAP passwd expires

2011-11-14 Thread Simone Piccardi

On 11/11/2011 03:31, Chris Jacobs wrote:

> Password Policy. The OpenLDAP Admin Guide and Google are your friends.

That's good for LDAP authentication, but when you want to put Linux
users in LDAP then you also need to configure NSS and PAM to use it.

And for most distributions nssov (which, if I understand the issue rightly,
is the way to use ppolicy for NSS) is neither packaged nor supported (and is
not documented either, at least in the Guide).


So at least for me the traditional posixAccount and posixGroup are still 
a better option (and there are many management packages you can use).


Simone
--
Simone Piccardi Truelite Srl
picca...@truelite.it (email/jabber) Via Monferrato, 6
Tel. +39-347-1032433 50142 Firenze
http://www.truelite.it  Tel. +39-055-7879597 Fax. +39-055-736



Re: About set LDAP passwd expires

2011-11-14 Thread Simone Piccardi

On 11/11/2011 03:10, Gary Jsz wrote:

> Hi, All
>
> I want to set my LDAP user's password to expire on a Linux server. How
> can I do that? Or does the LDAP service read the Linux system's /etc/login.defs
> file?

If you use (as almost all distributions are doing) the traditional
posixAccount account approach, you must set the shadowMax attribute to
the maximum number of days the password can be considered valid. And be
sure that when you change a user's password the shadowLastChange
attribute is updated.


Simone
--
Simone Piccardi Truelite Srl
picca...@truelite.it (email/jabber) Via Monferrato, 6
Tel. +39-347-1032433 50142 Firenze
http://www.truelite.it  Tel. +39-055-7879597 Fax. +39-055-736
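
The shadowMax / shadowLastChange arithmetic from the reply above, as an added example that is not part of the original thread: it audits exported entries and flags accounts whose shadowLastChange was never written, the failure mode the reply warns about. The sample entries are constructed, the function names are hypothetical, and the special cases (missing or negative shadowMax, shadowLastChange of 0) are assumed to follow shadow(5).

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)  # shadowLastChange counts days since this date

# Constructed sample entries in LDIF form; not taken from the thread.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: shadowAccount
uid: alice
shadowLastChange: 15280
shadowMax: 90

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: shadowAccount
uid: bob
shadowLastChange: 15000
shadowMax: 90

dn: uid=carol,ou=People,dc=example,dc=com
objectClass: shadowAccount
uid: carol
shadowMax: 90
"""

def parse_ldif(text):
    """Yield one {attribute: value} dict per blank-line-separated entry."""
    for block in text.strip().split("\n\n"):
        yield dict(line.split(": ", 1) for line in block.splitlines() if ": " in line)

def password_status(entry, today):
    """Return (status, expiry date or None) from shadowLastChange + shadowMax."""
    last, maxdays = entry.get("shadowLastChange"), entry.get("shadowMax")
    if maxdays is None or int(maxdays) < 0:
        return "no-expiry", None       # assumption: aging disabled, as in shadow(5)
    if last is None:
        return "no-last-change", None  # shadowMax set but never anchored to a change
    if int(last) == 0:
        return "must-change", None     # assumption: 0 forces a change at next login
    expiry = EPOCH + timedelta(days=int(last) + int(maxdays))
    # Assumption: the password is still valid on the expiry day itself.
    return ("expired" if today > expiry else "valid"), expiry

def audit(text, today):
    """Map each uid to its (status, expiry) pair."""
    return {e["uid"]: password_status(e, today) for e in parse_ldif(text)}

if __name__ == "__main__":
    for uid, (status, expiry) in audit(SAMPLE_LDIF, date(2011, 11, 14)).items():
        print(uid, status, expiry)
```
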



Re: About set LDAP passwd expires

2011-11-10 Thread Chris Jacobs
Password Policy. The OpenLDAP Admin Guide and Google are your friends.

- chris

(Sorry for dbl send Gary - I'd forgotten to reply-to-all)


Chris Jacobs, Systems Administrator, Technology Services Group
Apollo Group | Apollo Marketing and Product Development | Aptimus, Inc.
1501 4th Ave | Suite 2500 | Seattle, WA 98101
direct 206.839.8245 | cell 206.601.3256 | fax 206.644.0628
email mailto:chris.jac...@apollogrp.edu


From: openldap-technical-boun...@openldap.org 

To: openldap-technical@openldap.org 
Sent: Thu Nov 10 19:10:46 2011
Subject: About set LDAP passwd expires

Hi, All

I want to set my LDAP user's password to expire on a Linux server. How can I do that?
Or does the LDAP service read the Linux system's /etc/login.defs file?

   Thanks.






About set LDAP passwd expires

2011-11-10 Thread Gary Jsz
Hi, All

I want to set my LDAP user's password to expire on a Linux server. How can I
do that? Or does the LDAP service read the Linux system's /etc/login.defs file?

   Thanks.