Date: Thu, 26 Oct 2006 12:06:08 -0500
> From: "Greg Copeland" <GCopeland@xxxxxxxxxxxxx>
> Actually PADL's pam_ldap has had support for Netscape password policy
> for many years - you just have to enable it and tell it the DN of the
> policy object. Recently support has also been added for the IETF draft
Can you expand on the "...tell it the DN..." part there?
I misspoke. When you configure the pam_lookup_policy keyword pam_ldap
will do an anonymous search in the rootDSE with a filter
(objectclass=passwordPolicy) and use what it finds there. So the only
requirement is that you give anonymous enough privileges to perform the
search.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
