[Fedora-directory-users] Issue with fine-grained password policy

Howard Chu hyc at symas.com
Fri Oct 27 14:56:45 UTC 2006


> Date: Thu, 26 Oct 2006 12:06:08 -0500
> From: "Greg Copeland" <GCopeland at efjohnson.com>

>> > Actually PADL's pam_ldap has had support for Netscape password policy
>> > for many years - you just have to enable it and tell it the DN of the
>> > policy object. Recently support has also been added for the IETF draft
> 
> Can you expand on the "...tell it the DN..." part there?

I misspoke. When you configure the pam_lookup_policy keyword, pam_ldap 
will do an anonymous search in the rootDSE with a filter 
(objectclass=passwordPolicy) and use what it finds there. So the only 
requirement is that you give anonymous enough privileges to perform the 
search.

-- 
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc
   OpenLDAP Core Team            http://www.openldap.org/project/



