RSS feed

Re: libpam-ldap and password policies

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: libpam-ldap and password policies

Trent W. Buck wrote:
>  • Double-check that the ppolicy overlay is actually enabled.

Here are my notes on that:

        # This MUST appear before we refer to pwdHistory &c; it defines them.
        # Other schemas were already added by Debian 9's slapd.init.ldif.
        include: file:///etc/ldap/schema/ppolicy.ldif

        # Enable /usr/lib/ldap/
        dn: cn=module{0},cn=config
        changetype: modify
        add: olcModuleLoad
        olcModuleLoad: ppolicy

        # You can create multiple password policies (objectClass=pwdPolicy),
        # and assign e.g. staff to one and students to another.
        # Use the same policy "default" for everyone (cn=policy).
        # This object (olcOverlay=ppolicy) tells slapd to do so.
        dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
        objectClass: olcOverlayConfig
        objectClass: olcPPolicyConfig
        olcPPolicyDefault: cn=policy,o=REDACTED
To unsubscribe send an email to or see