[ale] openldap on Redhat
Allgood, John
jallgood at ohl.com
Thu May 20 14:55:23 EDT 2010
Hey Guys
Hello All
I am troubleshooting OpenLDAP and would like to get some feedback from you guys. We have been running on LDAP for a while but were never ever able to implement a password policy. I have looked at ppolicy but it seems limited as far as password complexity. I found a module you can build into ppolicy LDAP to provide cracklib checking but there has been some concern with its stability. My next thought was to let PAM handle the cracklib and have the ageing provided in LDAP. Now when I set the password using the passwd program the shadowLastChange is not getting updated in LDAP. My ACLs are below.
All our users log in to the desktop via gdm/xdm and my goal is to provide a means for them to change their own password when they get the warning about expiration. I would also like to know how to keep the Samba passwords in sync. Samba is using LDAP as well but it is a separate module in LDAP. I did not realize that OpenLDAP was a big monster. Hope someone can lead me in the right direction.
access to attrs=userPassword,shadowLastChange
        by dn.base="cn=Manager,dc=turbocorp,dc=com" write
        by anonymous auth
        by self write
        by * none

access to attrs=SambaLMPassword,SambaNTPassword
        by dn.base="cn=Manager,dc=turbocorp,dc=com" write
        by anonymous auth
        by self write
        by * none

access to *
        by dn.base="cn=Manager,dc=turbocorp,dc=com" write
        by self write
        by * read

John Allgood
Senior Systems Administrator
OHL Transportation Services
2251 Jesse Jewell Pky. NE
Gainesville, GA 30507
tel: (678) 989-3051 fax: (770) 531-7878
jallgood at ohl.com
www.ohl.com
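
An added example, not part of the original post: a Python audit over an LDIF export that flags accounts whose shadowLastChange puts them in the warning or expired window, and accounts whose Samba password timestamp disagrees with shadowLastChange. The entries, the ou=People container, the shadowMax, shadowWarning and sambaPwdLastSet values, and the function names are constructed for illustration.

```python
from datetime import date

# Constructed sample export; names and numbers are made up for this example.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=turbocorp,dc=com
shadowLastChange: 14700
shadowMax: 90
shadowWarning: 7
sambaPwdLastSet: 1270083600

dn: uid=bob,ou=People,dc=turbocorp,dc=com
shadowLastChange: 14665
shadowMax: 90
shadowWarning: 7
sambaPwdLastSet: 1273968000

dn: uid=carol,ou=People,dc=turbocorp,dc=com
shadowLastChange: 14600
shadowMax: 90
"""

def parse_ldif(text):
    """Parse simple 'attr: value' LDIF (no base64 or folded lines)."""
    entries = []
    for block in text.strip().split("\n\n"):
        pairs = (l.split(": ", 1) for l in block.splitlines() if ": " in l)
        entries.append({k.lower(): v.strip() for k, v in pairs})
    return entries

def audit(entry, today):
    """Return findings for one entry as of `today` (a datetime.date)."""
    if "shadowlastchange" not in entry:
        return ["no-shadowLastChange"]
    last = int(entry["shadowlastchange"])        # days since 1970-01-01
    findings = []
    if "shadowmax" in entry:
        left = last + int(entry["shadowmax"]) - (today - date(1970, 1, 1)).days
        if left < 0:
            findings.append("expired")
        elif left <= int(entry.get("shadowwarning", 0)):
            findings.append("warning")
    if "sambapwdlastset" in entry:               # seconds since the epoch
        # More than a day apart: one password store changed without the other.
        if abs(int(entry["sambapwdlastset"]) // 86400 - last) > 1:
            findings.append("samba-drift")
    return findings or ["ok"]

def report(ldif, today):
    return {e["dn"]: audit(e, today) for e in parse_ldif(ldif)}
```

Calling `report(SAMPLE_LDIF, date(2010, 5, 20))` returns the findings per DN; an account that keeps showing "warning" or "expired" right after a successful `passwd` run is the symptom described in the post.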