On Tue, 2012-06-05 at 12:17 +0200, Angel Bosch wrote:
> hi,
> I'm not sure if this is sss related, but I can't get passwd policies working.
> Is there anyone using shadow attributes for passwd policies?

You should be able to configure this using:

    ldap_pwd_policy = shadow

Additionally, if any of your shadow attributes are renamed, you can use:

    ldap_user_shadow_last_change
    ldap_user_shadow_min
    ldap_user_shadow_max
    ldap_user_shadow_warning
    ldap_user_shadow_inactive
    ldap_user_shadow_expire

to set them.

Be aware, however, that SSSD will *always* honor server-side password
policies if they are available. This is primarily done because shadow
attributes are rarely (if ever) properly maintained by the server, and
thus the LDAP password policy control is more reliable. So if they
disagree, the password policy control will always "win".
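
An added example, not part of the original message and not SSSD's code: a small auditor that classifies directory entries by their shadow attributes under a simplified reading of shadow(5) aging, to spot the unmaintained attributes the reply warns about. The attribute names are the RFC 2307 defaults; the status labels and sample entries are constructed for illustration.

```python
from datetime import date

EPOCH = date(1970, 1, 1)
# Default RFC 2307 shadowAccount attribute names; a renamed schema would differ.
ATTRS = ("shadowLastChange", "shadowMax", "shadowWarning",
         "shadowInactive", "shadowExpire")

def _num(entry, attr):
    """Integer value of attr, or None when absent, empty or negative (unset)."""
    raw = entry.get(attr)
    raw = "" if raw is None else str(raw).strip()
    value = int(raw) if raw else -1
    return None if value < 0 else value

def shadow_status(entry, today):
    """Classify one entry using a simplified reading of shadow(5) aging."""
    now = (today - EPOCH).days            # shadow values count days since epoch
    last, maxd, warn, inact, expire = (_num(entry, a) for a in ATTRS)
    if expire and now >= expire:          # 0 is treated here as "no expiry"
        return "account_expired"
    if last == 0:
        return "must_change"              # password change forced at next login
    if last is None or maxd is None:
        return "no_aging_data"            # nothing a client could enforce
    end = last + maxd                     # last day the password is valid
    if now > end:
        if inact is not None and now > end + inact:
            return "locked_inactive"
        return "password_expired"
    if warn is not None and now >= end - warn:
        return "warning"
    return "ok"

def audit(entries, today):
    """Map uid -> status for a list of attribute dictionaries."""
    return {e["uid"]: shadow_status(e, today) for e in entries}

# Constructed sample entries (not from the thread); all values are in days.
SAMPLE = [
    {"uid": "alice", "shadowLastChange": "15400", "shadowMax": "90", "shadowWarning": "7"},
    {"uid": "bob", "shadowLastChange": "15300", "shadowMax": "90", "shadowInactive": "30"},
    {"uid": "carol"},
    {"uid": "dave", "shadowLastChange": "15490", "shadowMax": "90", "shadowExpire": "15000"},
    {"uid": "erin", "shadowLastChange": "15410", "shadowMax": "90", "shadowWarning": "7"},
]

if __name__ == "__main__":
    for uid, status in audit(SAMPLE, date(2012, 6, 5)).items():
        print(f"{uid:6} {status}")
```

Entries reported as `no_aging_data` are the ones where a shadow-based client policy has nothing to evaluate, which is the case where a server-side policy is the only effective control.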