[Pkg-openldap-devel] Bug#370550: slapd.conf: support for shadow password aging
Brian White
bcwhite at precidia.com
Mon Jun 5 19:55:00 UTC 2006
Package: slapd
Version: 2.2.23-8
Severity: minor
In order for password aging to work with LDAP, a user has to be able to
both read and change the "shadowLastChange" field in their user object.
I suggest the following be included in the default slapd.conf file,
possibly commented-out by default.

access to attrs=shadowLastChange
        by dn="cn=admin,dc=example,dc=com" write
        by self write
        by * read

It seems it should be possible to just add this field to the attrs list
(after "userPassword") that limits access to reading the password, but
it doesn't work there for some reason I don't understand.
Brian
( bcwhite at precidia.com )
-------------------------------------------------------------------------------
We've all had "bad experiences", but there is no such thing as bad
experience.
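
The rule in the report only takes effect if slapd reaches it before a broader "access to" directive, because the first matching directive decides. The sketch below is an added example, not part of the original message or of OpenLDAP: a simplified model of that first-match evaluation which handles only "*" and "attrs=" targets, treats dn= as an exact case-insensitive match, and uses a constructed catch-all rule (CATCH_ALL) as an assumption.

```python
import re

# The rule proposed in the report, and a constructed catch-all rule
# (the catch-all is an assumption for illustration, not from the report).
PROPOSED = """access to attrs=shadowLastChange
        by dn="cn=admin,dc=example,dc=com" write
        by self write
        by * read
"""
CATCH_ALL = """access to *
        by dn="cn=admin,dc=example,dc=com" write
        by * read
"""

def parse_acl(conf):
    """Return [(attrs or None for '*', [(who, level), ...])] in file order."""
    rules = []
    joined = re.sub(r"\n[ \t]+", " ", conf)  # indented lines continue the directive
    for line in joined.splitlines():
        tok = line.split()
        if tok[:2] != ["access", "to"]:
            continue
        what, rest = tok[2], tok[3:]
        if what != "*" and not what.startswith("attrs="):
            raise ValueError("model handles only '*' and 'attrs=' targets")
        attrs = None if what == "*" else {a.lower() for a in what[6:].split(",")}
        by = [(rest[i + 1], rest[i + 2]) for i in range(0, len(rest) - 2, 3)]
        rules.append((attrs, by))
    return rules

def who_matches(who, requester, entry_dn):
    """requester is the bound DN, or None for an anonymous bind."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if requester is None:
        return False
    if who == "users":
        return True
    if who == "self":
        return requester.lower() == entry_dn.lower()
    return who.startswith("dn=") and who[3:].strip('"').lower() == requester.lower()

def effective_access(conf, attr, requester, entry_dn):
    """First matching 'access to' decides; within it, first matching 'by' decides."""
    for attrs, by in parse_acl(conf):
        if attrs is None or attr.lower() in attrs:
            return next((lvl for who, lvl in by if who_matches(who, requester, entry_dn)), "none")
    return "none"  # implicit trailing "access to * by * none"
```

Calling effective_access(PROPOSED + CATCH_ALL, "shadowLastChange", user, user) gives "write" for a user on their own entry, while CATCH_ALL + PROPOSED gives only "read", so the rule has to sit above any catch-all. The same call also shows what "by self write" grants: the user can set their own shadowLastChange to any value.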