Great. Thanks. When I read that I was wondering if I had skipped a step. Cheers, Greg Copeland > -----Original Message----- > From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory- > users-bounces at redhat.com] On Behalf Of Howard Chu > Sent: Friday, October 27, 2006 9:57 AM > To: fedora-directory-users at redhat.com > Subject: RE: Issue with fine-grained password > policy > > > Date: Thu, 26 Oct 2006 12:06:08 -0500 > > From: "Greg Copeland" <GCopeland at efjohnson.com> > > >> > Actually PADL's pam_ldap has had support for Netscape password policy > >> > for many years - you just have to enable it and tell it the DN of the > >> > policy object. Recently support has also been added for the IETF > draft > > > > Can you expand on the "...tell it the DN..." part there? > > I misspoke. When you configure the pam_lookup_policy keyword pam_ldap > will do an anonymous search in the rootDSE with a filter > (objectclass=passwordPolicy) and use what it finds there. So the only > requirement is that you give anonymous enough privileges to perform the > search. > > -- > -- Howard Chu > Chief Architect, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc > OpenLDAP Core Team http://www.openldap.org/project/ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users