Re: [Lam-public] Managing account locking and password expiration in plain LDAP schema...
Brought to you by:
gruberroland
From: Marco G. <ga...@li...> - 2023-05-21 21:40:19
|
Mandi! Roland Gruber In chel di` si favelave... > "passwd -l" should work when you configure "rootbinddn" in > /etc/libnss-ldap.conf (you will also need to set the password in > /etc/libnss-ldap.secret). Ah, oh... never minded about that... > But you can use the account status inside LAM which is filterable: > https://www.ldap-account-manager.org/static/doc/manual/ch04s02.html Two minutes after posting, i've found exactly that. Thanks! > Shadow is only checked by the Unix system. If you want something to be > enforced globally then go for PPolicy (needs to be activated on server): > https://www.ldap-account-manager.org/static/doc/manual/ch04s02.html#mod_passwordPolicy If i've understood well, this is an alternative to shadow, right? EG, PPolicy does not use shadow* fileds... Thanks. -- tutti chiusi in tante celle fanno a chi parla piu' forte per non dir che stelle e morte fan paura (F. Guccini) |