наложение политики паролей на slapd (Password Policy overlay to slapd)
Имя (Name)
slapo-ppolicy - Password Policy overlay to slapd
Синопсис (Synopsis)
ETCDIR/slapd.conf
Описание (Description)
The ppolicy overlay is an implementation of the most recent IETF
Password Policy proposal for LDAP. When instantiated, it
intercepts, decodes and applies specific password policy controls
to overall use of a backend database, changes to user password
fields, etc.
The overlay provides a variety of password control mechanisms.
They include password aging -- both minimum and maximum ages,
password reuse and duplication control, account time-outs,
mandatory password resets, acceptable password content, and even
grace logins. Different groups of users may be associated with
different password policies, and there is no limit to the number
of password policies that may be created.
Note that some of the policies do not take effect when the
operation is performed with the rootdn identity; all the
operations, when performed with any other identity, may be
subjected to constraints, like access control. This overlay
requires a rootdn to be configured on the database.
During password update, an identity with manage access to the
userPassword attribute is considered a password administrator
where relevant to the IETF Password Policy proposal.
Note that the IETF Password Policy proposal for LDAP makes sense
when considering a single-valued password attribute, while the
userPassword attribute allows multiple values. This
implementation enforces a single value for the userPassword
attribute, despite its specification.
In addition to supporting the IETF Password Policy, this module
supports the SunDS Account Usability control
(1.3.6.1.4.1.42.2.27.9.5.8) on search requests and can send the
Netscape Password validity controls when configured to do so.
