View Full Version : password policies on ldap users



sharfuddin
11-Aug-2014, 13:38
Hello,

SLES 11 SP 3 running openldap server.

Does applying password policies via "yast2 security" or by editing /etc/login.defs apply to ldap accounts too? If not, then please guide me on how to enable password policies (aging, warning, complexity) on ldap users.

Regards,

sharfuddin
11-Aug-2014, 13:48
There is an option to configure password policies for ldap under yast2 ldap > Advanced Configuration > Administration Settings, but on my system it's disabled.

jmozdzen
11-Aug-2014, 16:56
Hi sharfuddin,

Two questions in response first:

1. Are you trying to connect to NetIQ eDirectory, formerly known as "Novell Directory Services", short NDS?

2. Shouldn't the admin DN be without the "Append Base DN" activated? I'd have assumed that YaST would make it "cn=Administrator,dn=nds,dc=local,ou=ldapconfig,dc=nds,dc=local" the way the screenshot shows your settings.

Regards,
Jens

sharfuddin
11-Aug-2014, 19:55
Hello Jens,


>
>1. Are you trying to connect to NetIQ eDirectory, formerly known as "Novell Directory Services", short NDS?
>

No. It's an openldap server running atop SLES 11 SP 3.

>2. Shouldn't the admin DN be without the "Append Base DN" activated
>

Yast automatically enabled the "Append Base DN" option.

jmozdzen
12-Aug-2014, 11:52
Hi sharfuddin,

> Hello Jens,
>
>> 1. Are you trying to connect to NetIQ eDirectory, formerly known as "Novell Directory Services", short NDS?
>
> No. It's an openldap server running atop SLES 11 SP 3.

OK, I got confused by the DN ;)

>> 2. Shouldn't the admin DN be without the "Append Base DN" activated
>
> Yast automatically enabled the "Append Base DN" option.

But is the resulting URL correct? No matter if that flag was set automatically, the result has to fit your situation ;)

It might be that the settings dialog is disabled because YaST could not get write access to the corresponding LDAP section, because of a wrong DN.

Regards,
Jens

sharfuddin
12-Aug-2014, 13:52
I did it. Shortly I'll update the forums with steps on how to implement the password policy on openldap users.

sharfuddin
21-Aug-2014, 11:30
Sorry for coming too late ;(

"Password Policy" is available for openldap, and via YaST it can be enabled with "yast ldap-server > Schema Files > Add > ppolicy.schema". Once done, under your openldap tree you will see "Password Policy"; enable it and configure the policies (aging, lockout, complexity).

sharfuddin
21-Aug-2014, 11:34
The settings shown in the above screenshot are those of the openldap client, and "Password Policy" seems disabled because "Password Policy" is not available/enabled on the openldap server. To enable the Password Policy on the openldap server, use "yast ldap-server > Schema Files > Add > ppolicy.schema". Once done, under your openldap tree you will see "Password Policy"; enable it and configure the policies (aging, lockout, complexity).

maikcat
21-Aug-2014, 12:49
Are you using the check_password.so module from LTB?

Michael.

sharfuddin
21-Aug-2014, 13:23
> Are you using the check_password.so module from LTB?

No. Seriously, I didn't get you... excuse me for being so dumb :confused:

MoserHans
26-Aug-2014, 15:36
LTB = LDAP Tool Box; http://ltb-project.org/wiki/
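
Added example, not part of any post in this thread: a default policy entry of the kind the ppolicy overlay reads once ppolicy.schema is loaded, covering the aging, warning, lockout and complexity settings asked about above, and showing where a check module such as the check_password.so mentioned above is referenced. The base DN dc=example,dc=com, the ou=policies container and all numeric values are constructed placeholders; the overlay's default-policy setting on the server is assumed to point at this entry.

```ldif
# Constructed example. Replace dc=example,dc=com with your own base DN.
dn: ou=policies,dc=example,dc=com
objectClass: organizationalUnit
ou: policies

dn: cn=default,ou=policies,dc=example,dc=com
objectClass: top
objectClass: device
objectClass: pwdPolicy
# pwdPolicyChecker is only needed when pwdCheckModule is set (see below).
objectClass: pwdPolicyChecker
cn: default
pwdAttribute: userPassword
# --- Aging (all times are in seconds) ---
# Password expires after 90 days.
pwdMaxAge: 7776000
# Start warning the user 14 days before expiry.
pwdExpireWarning: 1209600
# Password cannot be changed again within 1 day of the last change.
pwdMinAge: 86400
# No grace logins after expiry.
pwdGraceAuthNLimit: 0
# --- History and change rules ---
pwdInHistory: 5
pwdAllowUserChange: TRUE
# Force a change after an administrator resets the password.
pwdMustChange: TRUE
# --- Lockout ---
pwdLockout: TRUE
# Lock after 5 consecutive failed binds, counted within 15 minutes.
pwdMaxFailure: 5
pwdFailureCountInterval: 900
# Unlock automatically after 15 minutes (0 would require an admin unlock).
pwdLockoutDuration: 900
# --- Complexity ---
pwdMinLength: 12
# 0 = no quality check, 1 = check but accept passwords the server cannot
# inspect (e.g. pre-hashed by the client), 2 = reject those as well.
pwdCheckQuality: 2
# The overlay itself only enforces length. Character-class rules need an
# external check module; the file name below is the one named in the thread
# and must be installed in slapd's module path for this line to work.
pwdCheckModule: check_password.so
```

With pwdCheckQuality set to 2, clients that hash the password before sending it will have their changes rejected, so password changes must go through the LDAP Password Modify operation or send the clear-text value over TLS.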