[ale] openldap on Redhat

Allgood, John jallgood at ohl.com
Thu May 20 14:55:23 EDT 2010


Hey Guys
Hello All


I am troubleshooting openldap and would like to get some feedback from you guys. We have been running on ldap for a while but were never ever able to implement a password policy. I have looked at ppolicy but it seems limited as far as password complexity. I found a module you can build into ppolicy ldap to provide cracklib checking but there has been some concern with its stability. My next thought was to let pam handle the cracklib and have the ageing provided in ldap. Now when I set the password using the passwd program the shadowLastChange is not getting updated in ldap. My ACLs are below.
All our users log in to the desktop via gdm/xdm and my goal is to provide a means to provide the ability to change their own password when they get the warning about expiration. I would also like to know how to keep the samba passwords in sync. Samba is using ldap as well but it is a separate module in ldap. I did not realize that openldap was a big monster. Hope someone can lead me in the right direction.

access to attrs=userPassword,shadowLastChange
  by dn.base="cn=Manager,dc=turbocorp,dc=com" write
  by anonymous auth
  by self write
  by * none
access to attrs=SambaLMPassword,SambaNTPassword
  by dn.base="cn=Manager,dc=turbocorp,dc=com" write
  by anonymous auth
  by self write
  by * none
access to *
  by dn.base="cn=Manager,dc=turbocorp,dc=com" write
  by self write
  by * read

John Allgood
Senior Systems Administrator
OHL Transportation Services
2251 Jesse Jewell Pky. NE
Gainesville, GA 30507
tel: (678) 989-3051  fax: (770) 531-7878

jallgood at ohl.com
www.ohl.com
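
A check for the symptom described in the message above, as an added example that is not part of the original post: it reads one user entry in LDIF form, tells whether shadowLastChange was set to today's day number after a password change, and classifies the password age. The sample entry, the function names and the exact warning/expiry boundaries (taken from the usual shadow(5) reading) are assumptions.

```python
import time

# Constructed sample entry; DN and values are illustrative, not from the post.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
uid: jdoe
shadowLastChange: 14700
shadowMax: 90
shadowWarning: 7
"""

def parse_entry(ldif):
    """Return {lower-cased attribute: first value} for a single LDIF entry."""
    attrs = {}
    for line in ldif.splitlines():
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip().lower(), value.strip())
    return attrs

def epoch_days(now=None):
    """shadowLastChange is stored as whole days since 1970-01-01 (UTC)."""
    return int((time.time() if now is None else now) // 86400)

def changed_today(attrs, today):
    """True if the directory recorded a password change on day `today`."""
    return attrs.get("shadowlastchange") == str(today)

def shadow_status(attrs, today):
    """Classify password age from shadowLastChange/shadowMax/shadowWarning."""
    if "shadowlastchange" not in attrs:
        return "no-ageing-data"      # attribute never written by any client
    last = int(attrs["shadowlastchange"])
    if last == 0:
        return "must-change"         # 0 forces a change at next login
    max_age = int(attrs.get("shadowmax", -1))
    if max_age < 0:
        return "no-expiry"           # ageing disabled for this entry
    age = today - last
    if age > max_age:
        return "expired"
    warn = int(attrs.get("shadowwarning", -1))
    if warn >= 0 and age > max_age - warn:
        return "warning"             # the window in which users are warned
    return "ok"

if __name__ == "__main__":
    entry = parse_entry(SAMPLE_LDIF)
    print(changed_today(entry, epoch_days()), shadow_status(entry, epoch_days()))
```

Feed it the output of a directory search for the user before and after running passwd; if changed_today stays false, the client that changed the password did not write shadowLastChange.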

