FW: ppolicy in openldap

m.roth2006 at rcn.com m.roth2006 at rcn.com
Tue Jan 13 15:32:25 UTC 2009

Hi, John,

---- Original message ----
>Date: Tue, 13 Jan 2009 09:10:13 -0600
>From: "Allgood, John" <jallgood at ohl.com>  
>I tried to send the below message to the openldap list and could get it

Yeah, well, when I was fighting openldap around Sept of '06, they were *not* a lot of help - lots of "that question's already been answered", and "this is the wrong forum for that question". I was unimpressed with their help.

Not to mention, as far as I'm concerned, it ain't ready for prime time - the lack of tools, and the usefulness of what they do offer, sucks.

>to go through. I know the redhat list has a lot of expertise in a wide
>range of topics.
>I am fairly new to openldap and have some questions about password
>policys. We are running ldap on RHEL5 and using openldap 2.3.27. The
>ppolicy overlay gives me a lot of what I need but RHEL5 does not seem to
>have it installed. How can I get this installed? Also the best that I

You can either find the rpm, or pull source from the openldap group directly. 

>can tell is that ppolicy does not have any dictionary checks either. Is
>this true or did I just miss something? What I would like to setup is
>what we currently have in place using cracklib. Minlen=8 at least 1
>Uppercase, 1 Lowercase, 1 Number, 1 special char.
I'm not sure - it's been six months or more since I dealt with this, but you might check the "what's new" for both 2.3 and 2.4. The former added ppolicy, and password aging. 

An alternative is in PAM, which *does* allow that, though I guess you want to implement it on the openLDAP server....


More information about the redhat-list mailing list