[sork] Openldap ppolicy integration

Jan Schneider jan at horde.org
Tue Oct 6 17:17:02 UTC 2009


Zitat von Gustavo Schroeder <gutosch at gmail.com>:

> Hi,
>
> I'm using Horde 3, IMP 4 and passwd-h3-3.0.1 module. The one and only
> password interface that our user base has is through IMP's passwd
> module.
> The current configuration is using the smbldap driver and I'm planning
> to implement the openldap ppolicy overlay configuration to enforce a
> strong password policy.
> Suppose I got ppolicy overlay up and running and pwdMaxAge=10368000
> (120 days) and as I've been googling around pam_ldap has the ability
> to provide user warnings about password expiration.
> My question is, will the passwd module provide password expiration
> warnings to the end user?

No, but Horde can do this through the shadowAccount objectclass.

> How will the user get warned when his/her password is about to expire?
> Is this error treatment handled by passwd module?

You have to configure Horde to authenticate through the LDAP driver.  
There is an option in the LDAP authentication configuration to enable  
password expiration.

Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/



More information about the sork mailing list