[Fedora-directory-users] Issue with fine-grained password policy
Greg Copeland
GCopeland at efjohnson.com
Fri Oct 27 20:53:57 UTC 2006
Great. Thanks. When I read that I was wondering if I had skipped a
step.
Cheers,
Greg Copeland
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-
> users-bounces at redhat.com] On Behalf Of Howard Chu
> Sent: Friday, October 27, 2006 9:57 AM
> To: fedora-directory-users at redhat.com
> Subject: RE: [Fedora-directory-users] Issue with fine-grained password
> policy
>
> > Date: Thu, 26 Oct 2006 12:06:08 -0500
> > From: "Greg Copeland" <GCopeland at efjohnson.com>
>
> >> > Actually PADL's pam_ldap has had support for Netscape password
policy
> >> > for many years - you just have to enable it and tell it the DN of
the
> >> > policy object. Recently support has also been added for the IETF
> draft
> >
> > Can you expand on the "...tell it the DN..." part there?
>
> I misspoke. When you configure the pam_lookup_policy keyword pam_ldap
> will do an anonymous search in the rootDSE with a filter
> (objectclass=passwordPolicy) and use what it finds there. So the only
> requirement is that you give anonymous enough privileges to perform
the
> search.
>
> --
> -- Howard Chu
> Chief Architect, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc
> OpenLDAP Core Team http://www.openldap.org/project/
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
More information about the 389-users
mailing list