libpam-ldap and password policies
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
libpam-ldap and password policies
- From: André Rodier <andre.rodier [at] gmail.com>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: libpam-ldap and password policies
- Date: Thu, 29 Mar 2018 22:40:19 +0100
Hello,
Thank you for you fabulous work, it is very useful for my project. I
have my system users in the LDAP directory, and everything works
perfectly, even passwords change from root or the users.
I am struggling, however, and I am blocked with password policies.
Is there any way to configure libpam-ldap to fulfil the password
policies specified in the directory?
For instance, I have set up, for testing, a very simple LDAP policy like
that in my directory:
--------------------------------------------------
dn: cn=default,ou=pwpolicies,dc=homebox,dc=space
pwdExpireWarning: 259200
pwdMaxFailure: 5
cn: default
objectClass: pwdPolicy
objectClass: person
objectClass: top
pwdMinLength: 8
pwdCheckQuality: 0
pwdAttribute: userPassword
pwdLockoutDuration: 0
pwdInHistory: 0
sn: default
pwdMaxAge: 31536000
pwdGraceAuthNLimit: 0
pwdFailureCountInterval: 300
structuralObjectClass: person
entryUUID: 816d6c56-c7e0-1037-844b-b71639529cec
creatorsName: cn=admin,dc=homebox,dc=space
createTimestamp: 20180329210425Z
entryCSN: 20180329210425.211979Z#000000#000#000000
modifiersName: cn=admin,dc=homebox,dc=space
modifyTimestamp: 20180329210425Z
--------------------------------------------------
And for a user:
--------------------------------------------------
dn: cn=Andre Rodier,ou=users,dc=homebox,dc=space
pwdPolicySubentry: cn=default,ou=pwpolicies,dc=homebox,dc=space
shadowMin: 0
givenName: Andre
uid: andre
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: inetLocalMailRecipient
objectClass: mailboxRelatedObject
loginShell: /bin/dash
userPassword::
e0NSWVBUfSQ2JHlZeG1UMjU3WHZkNGhhUXokTUNCT1lPeEdraFpPLmpQZm1ST
FlVdEJWV3UyR3dLZnhJUkU5cDZXTHNFWGFpVEdLeWdaWWNiMWM4cW1GMFlScS5hUEVZSm8zcXRD
dWQ3VDdtRWVOTjE=
shadowFlag: 0
uidNumber: 1002
shadowMax: 999999
gidNumber: 1001
sn: Rodier
shadowInactive: -1
mail: andre@homebox.space
homeDirectory: /home/users/mirina
shadowWarning: 7
pwdChangedTime: 20180329210427Z
structuralObjectClass: inetOrgPerson
cn: Mirina Rodier
entryUUID: 82a5ec56-c7e0-1037-8453-b71639529cec
creatorsName: cn=admin,dc=homebox,dc=space
createTimestamp: 20180329210427Z
entryCSN: 20180329210427.259980Z#000000#000#000000
modifiersName: cn=admin,dc=homebox,dc=space
modifyTimestamp: 20180329210427Z
--------------------------------------------------
However, if I logon on the system as "andre", I can change my password,
type a three letters new password, and libpam-ldap will not complain at all.
Is there anything I forgot?
Thanks for your help.
André
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/
- libpam-ldap and password policies,
André Rodier
