Linux Archive - FW: ppolicy in openldap

Linux Archive (http://www.linux-archive.org/)

- Red Hat Linux (http://www.linux-archive.org/red-hat-linux/)

- - FW: ppolicy in openldap (http://www.linux-archive.org/red-hat-linux/227029-fw-ppolicy-openldap.html)

FW: ppolicy in openldap

Hello All

I tried to send the below message to the openldap list and could get it
to go through. I know the redhat list has a lot of expertise in a wide
range of topics.

I am fairly new to openldap and have some questions about password
policys. We are running ldap on RHEL5 and using openldap 2.3.27. The
ppolicy overlay gives me a lot of what I need but RHEL5 does not seem to
have it installed. How can I get this installed? Also the best that I
can tell is that ppolicy does not have any dictionary checks either. Is
this true or did I just miss something? What I would like to setup is
what we currently have in place using cracklib. Minlen=8 at least 1
Uppercase, 1 Lowercase, 1 Number, 1 special char.

Best Regards

John Allgood
Senior Systems Administrator
Turbo, division of OHL
2251 Jesse Jewell Pky. NE
Gainesville, GA 30507
tel: (678) 989-3051 fax: (770) 531-7878

jallgood@ohl.com
www.ohl.com

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

FW: ppolicy in openldap

Hi, John,

---- Original message ----
>Date: Tue, 13 Jan 2009 09:10:13 -0600
>From: "Allgood, John" <jallgood@ohl.com>
>
>I tried to send the below message to the openldap list and could get it

Yeah, well, when I was fighting openldap around Sept of '06, they were *not* a lot of help - lots of "that question's already been answered", and "this is the wrong forum for that question". I was unimpressed with their help.

Not to mention, as far as I'm concerned, it ain't ready for prime time - the lack of tools, and the usefulness of what they do offer, sucks.

>to go through. I know the redhat list has a lot of expertise in a wide
>range of topics.
>
>I am fairly new to openldap and have some questions about password
>policys. We are running ldap on RHEL5 and using openldap 2.3.27. The
>ppolicy overlay gives me a lot of what I need but RHEL5 does not seem to
>have it installed. How can I get this installed? Also the best that I

You can either find the rpm, or pull source from the openldap group directly.

>can tell is that ppolicy does not have any dictionary checks either. Is
>this true or did I just miss something? What I would like to setup is
>what we currently have in place using cracklib. Minlen=8 at least 1
>Uppercase, 1 Lowercase, 1 Number, 1 special char.
>
I'm not sure - it's been six months or more since I dealt with this, but you might check the "what's new" for both 2.3 and 2.4. The former added ppolicy, and password aging.

An alternative is in PAM, which *does* allow that, though I guess you want to implement it on the openLDAP server....

mark

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

FW: ppolicy in openldap

Hey

Thanks for the response.

I found some rpms for the newer version of ldap from here
http://staff.telkomsa.net/packages/rhel5/openldap and I just installed
them. Looks like a lot of changes in this version. We are trying to
implement and single signon system for our services and thought ldap
would be a good choice. You mentioned using PAM with ldap can you
provide me with a little more on that.

Thanks

John Allgood
Senior Systems Administrator
Turbo, division of OHL
2251 Jesse Jewell Pky. NE
Gainesville, GA 30507
tel: (678) 989-3051 fax: (770) 531-7878

jallgood@ohl.com
www.ohl.com

-----Original Message-----
From: redhat-list-bounces@redhat.com
[mailto:redhat-list-bounces@redhat.com] On Behalf Of m.roth2006@rcn.com
Sent: Tuesday, January 13, 2009 10:32 AM
To: General Red Hat Linux discussion list
Subject: Re: FW: ppolicy in openldap

Hi, John,

---- Original message ----
>Date: Tue, 13 Jan 2009 09:10:13 -0600
>From: "Allgood, John" <jallgood@ohl.com>
>
>I tried to send the below message to the openldap list and could get it

Yeah, well, when I was fighting openldap around Sept of '06, they were
*not* a lot of help - lots of "that question's already been answered",
and "this is the wrong forum for that question". I was unimpressed with
their help.

Not to mention, as far as I'm concerned, it ain't ready for prime time -
the lack of tools, and the usefulness of what they do offer, sucks.

>to go through. I know the redhat list has a lot of expertise in a wide
>range of topics.
>
>I am fairly new to openldap and have some questions about password
>policys. We are running ldap on RHEL5 and using openldap 2.3.27. The
>ppolicy overlay gives me a lot of what I need but RHEL5 does not seem
to
>have it installed. How can I get this installed? Also the best that I

You can either find the rpm, or pull source from the openldap group
directly.

>can tell is that ppolicy does not have any dictionary checks either. Is
>this true or did I just miss something? What I would like to setup is
>what we currently have in place using cracklib. Minlen=8 at least 1
>Uppercase, 1 Lowercase, 1 Number, 1 special char.
>
I'm not sure - it's been six months or more since I dealt with this, but
you might check the "what's new" for both 2.3 and 2.4. The former added
ppolicy, and password aging.

An alternative is in PAM, which *does* allow that, though I guess you
want to implement it on the openLDAP server....

mark

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list