FW: ppolicy in openldap

Allgood, John jallgood at ohl.com
Tue Jan 13 16:04:24 UTC 2009


Thanks for the response.

I found some rpms for the newer version of ldap from here
http://staff.telkomsa.net/packages/rhel5/openldap and I just installed
them. Looks like a lot of changes in this version. We are trying to
implement and single signon system for our services and thought ldap
would be a good choice. You mentioned using PAM with ldap can you
provide me with a little more on that.


John Allgood
Senior Systems Administrator
Turbo, division of OHL
2251 Jesse Jewell Pky. NE
Gainesville, GA 30507
tel: (678) 989-3051  fax: (770) 531-7878

jallgood at ohl.com

-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of m.roth2006 at rcn.com
Sent: Tuesday, January 13, 2009 10:32 AM
To: General Red Hat Linux discussion list
Subject: Re: FW: ppolicy in openldap

Hi, John,

---- Original message ----
>Date: Tue, 13 Jan 2009 09:10:13 -0600
>From: "Allgood, John" <jallgood at ohl.com>  
>I tried to send the below message to the openldap list and could get it

Yeah, well, when I was fighting openldap around Sept of '06, they were
*not* a lot of help - lots of "that question's already been answered",
and "this is the wrong forum for that question". I was unimpressed with
their help.

Not to mention, as far as I'm concerned, it ain't ready for prime time -
the lack of tools, and the usefulness of what they do offer, sucks.

>to go through. I know the redhat list has a lot of expertise in a wide
>range of topics.
>I am fairly new to openldap and have some questions about password
>policys. We are running ldap on RHEL5 and using openldap 2.3.27. The
>ppolicy overlay gives me a lot of what I need but RHEL5 does not seem
>have it installed. How can I get this installed? Also the best that I

You can either find the rpm, or pull source from the openldap group

>can tell is that ppolicy does not have any dictionary checks either. Is
>this true or did I just miss something? What I would like to setup is
>what we currently have in place using cracklib. Minlen=8 at least 1
>Uppercase, 1 Lowercase, 1 Number, 1 special char.
I'm not sure - it's been six months or more since I dealt with this, but
you might check the "what's new" for both 2.3 and 2.4. The former added
ppolicy, and password aging. 

An alternative is in PAM, which *does* allow that, though I guess you
want to implement it on the openLDAP server....


redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe

More information about the redhat-list mailing list