password policies on ldap users

Hello,

SLES 11 SP 3 running openldap server.

Does applying password policies via “yast2 security” or by editing /etc/login.defs apply to LDAP accounts too? If not, please guide me on how to enable password policies (aging, warning, complexity) on LDAP users.

Regards,

There is an option to configure password policies for LDAP under yast2 ldap > Advanced Configuration > Administration Settings, but on my system it's disabled.

Hi sharfuddin,

Two questions in response first:

  1. Are you trying to connect to NetIQ eDirectory, formerly known as “Novell Directory Services”, short NDS?

  2. Shouldn’t the admin DN be without the “Append Base DN” activated? I’d have assumed that YaST would make it “cn=Administrator,dn=nds,dc=local,ou=ldapconfig,dc=nds,dc=local” the way the screenshot shows your settings.

Regards,
Jens

Hello Jens,

> 1. Are you trying to connect to NetIQ eDirectory, formerly known as “Novell Directory Services”, short NDS?

No. It's an openldap server running atop SLES 11 SP 3.

> 2. Shouldn’t the admin DN be without the “Append Base DN” activated

Yast automatically enabled the “Append Base DN” option.

Hi sharfuddin,

> Hello Jens,
>
> > 1. Are you trying to connect to NetIQ eDirectory, formerly known as “Novell Directory Services”, short NDS?
>
> No. It's an openldap server running atop SLES 11 SP 3.

OK, I got confused by the DN :wink:

> > 2. Shouldn’t the admin DN be without the “Append Base DN” activated
>
> Yast automatically enabled the “Append Base DN” option.

But is the resulting URL correct? No matter if that flag was set automatically, the result has to fit your situation :wink:

It might be that the settings dialog is disabled because YaST could not get write access to the according LDAP section, because of a wrong DN.

Regards,
Jens

I did it. Shortly I’ll update the forums with steps on how to implement the password policy on openldap users.

Sorry for coming too late ;(.

“Password Policy” is available for openldap, and via YaST it can be enabled with “yast ldap-server > Schema Files > Add > ppolicy.schema”. Once done, under your openldap tree you will see the “Password Policy”; enable it and configure the policies (aging, lockout, complexity).

The settings shown in the above screenshot are those of the openldap client, and “Password Policy” seems disabled because “Password Policy” is not available/enabled on the openldap server. To enable the Password Policy on the openldap server, use “yast ldap-server > Schema Files > Add > ppolicy.schema”. Once done, under your openldap tree you will see the “Password Policy”; enable it and configure the policies (aging, lockout, complexity).
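As an added example that is not part of the original posts: the kind of entries the YaST steps above end up creating, written out as LDIF so the aging, warning, lockout and complexity settings can be reviewed attribute by attribute. The base DN `dc=example,dc=com`, the `ou=policies` container, the database DN `olcDatabase={1}hdb,cn=config` and all numeric values are assumptions chosen for illustration.

```ldif
# Constructed example. Assumes ppolicy.schema is already loaded and the
# directory suffix is dc=example,dc=com (placeholder).

# Container for policy entries (load with the directory's admin DN).
dn: ou=policies,dc=example,dc=com
objectClass: organizationalUnit
ou: policies

# Default policy applied to every user without a pwdPolicySubentry of its own.
dn: cn=default,ou=policies,dc=example,dc=com
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: default
pwdAttribute: userPassword
# Aging: password expires after 90 days (value in seconds).
pwdMaxAge: 7776000
# Warning: clients are warned during the last 14 days before expiry.
pwdExpireWarning: 1209600
# No grace logins once the password has expired.
pwdGraceAuthNLimit: 0
# Complexity: minimum length 8; quality 2 rejects any password the server
# cannot inspect, which includes values hashed by the client.
pwdMinLength: 8
pwdCheckQuality: 2
# Reject reuse of the last 5 passwords.
pwdInHistory: 5
# Lockout: 5 failed binds within 15 minutes lock the account for 15 minutes.
pwdLockout: TRUE
pwdMaxFailure: 5
pwdFailureCountInterval: 900
pwdLockoutDuration: 900
pwdAllowUserChange: TRUE
pwdMustChange: FALSE

# Overlay entry pointing the database at the default policy. It lives in
# cn=config and is loaded separately from the two entries above; the
# database DN is an assumption and must match the local configuration.
dn: olcOverlay=ppolicy,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: ppolicy
olcPPolicyDefault: cn=default,ou=policies,dc=example,dc=com
```

The built-in quality check covers only length; character-class rules need an external check module referenced from the policy entry.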

Are you using the check_password.so module from LTB?

Michael.

> are you using the check_password.so module from ltb ?

No. Seriously, I didn’t get you… excuse me for being so dumb :confused:

LTB = LDAP Tool Box; http://ltb-project.org/wiki/