lists.arthurdejong.org

Re: libpam-ldap and password policies

Trent W. Buck wrote:
>  • Double-check that the ppolicy overlay is actually enabled.

Here are my notes on that:

        # This MUST appear before we refer to pwdHistory &c; it defines them.
        # Other schemas were already added by Debian 9's slapd.init.ldif.
        include: file:///etc/ldap/schema/ppolicy.ldif

        # Enable /usr/lib/ldap/ppolicy.so
        dn: cn=module{0},cn=config
        changetype: modify
        add: olcModuleLoad
        olcModuleLoad: ppolicy

        # You can create multiple password policies (objectClass=pwdPolicy),
        # and assign e.g. staff to one and students to another.
        # Use the same policy "default" for everyone (cn=policy).
        # This object (olcOverlay=ppolicy) tells slapd to do so.
        dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
        objectClass: olcOverlayConfig
        objectClass: olcPPolicyConfig
        olcPPolicyDefault: cn=policy,o=REDACTED
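
One way to do that double-check offline, as an added example (not part of the original post or of nss-pam-ldapd): parse a `slapcat -n 0` dump of cn=config and report whether the schema, module and overlay from the notes above are present. The sample dump, the suffix o=example and the helper names are constructed for illustration, and the layout assumed is the Debian 9 one used in the notes.

```python
import re

# Constructed sample of `slapcat -n 0` output; o=example stands in for the redacted suffix.
SAMPLE_CONFIG = """\
dn: cn=module{0},cn=config
objectClass: olcModuleList
olcModuleLoad: {0}back_mdb
olcModuleLoad: {1}ppolicy

dn: cn={4}ppolicy,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {4}ppolicy

dn: olcOverlay={0}ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcPPolicyDefault: cn=policy,
 o=example
"""

def parse_ldif(text):
    """Return one {attr: [values]} dict per entry; attribute names lowercased."""
    entries = []
    for block in re.split(r"\n\s*\n", text.replace("\n ", "").strip()):  # unfold first
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(": ")
            if sep and not line.startswith("#"):
                entry.setdefault(attr.lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries

def strip_order(value):
    return re.sub(r"^\{\d+\}", "", value)  # '{1}ppolicy' -> 'ppolicy'

def ppolicy_status(entries):
    """Check the schema, module and overlay pieces that the notes above configure."""
    status = {"schema": False, "module": False, "overlay_on": [], "default": None}
    for e in entries:
        classes = [c.lower() for c in e.get("objectclass", [])]
        if "olcschemaconfig" in classes and strip_order(e["cn"][0]) == "ppolicy":
            status["schema"] = True
        if any(strip_order(m).split(".")[0] == "ppolicy" for m in e.get("olcmoduleload", [])):
            status["module"] = True
        if "olcppolicyconfig" in classes:
            status["overlay_on"].append(e["dn"][0].partition(",")[2])
            status["default"] = e.get("olcppolicydefault", [None])[0]
    return status
```

Call `ppolicy_status(parse_ldif(dump))` on the real dump; an empty `overlay_on` list or a `default` of None means the overlay is not applying any policy to that database.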