On 1/4/2011 11:09 πμ, Sven Hartge wrote:
Have a look at the ppolicy slapd.overlay. This will solve your problem.
I just wanted to mention that there are significant integration issues of openldap ppolicy overlay in other software.
(We also aren't sure Rob is using OpenLDAP - he hasn't mentioned.)
There are issues with password expiration warnings. See for example: http://lists.horde.org/archives/sork/Week-of-Mon-20091005/002973.html. Horde integration might provide solutions to the issues.
In many cases, a separate or a supplemental (to ppolicy) password management process should be established, like: http://tools.ltb-project.org/news/14 (which I haven't used myself). This could be expanded and/or tied to a cron-job that would send warnings to users etc. based on ldapsearch results.
Nick