> >> I'm using ldapsam:ldap://server as my passdb backend, so I'm not sure
> >> why it's showing the user this message instead. I see I can edit the
> >> values that Samba is showing the user with pdbedit, but I shouldn't need
> >> to edit that - my password policy is defined in LDAP, and those are the
> >> messages I'd like the users to see.
> > How are these policies exactly defined in LDAP? Are they
> > visible for LDAP clients?
> It's an explicit entry in LDAP:

ppolicy support in Samba would be awesome. Would make PCI/DSS (and other
regulatory compliance) *much* easier for shops using a Samba PDC.
<http://www.openldap.org/software/man.cgi?query=slapo-ppolicy>

> 56 cn=Password Policy,ou=Policies,dc=example,dc=com
> cn: Password Policy
> pwdAttribute: userPassword
> pwdMaxAge: 3888000
> The check_password.so module is what's doing the strength checks,
> similar to how the 'check password script' works in Samba. All other
> password policy attributes listed above are visible (read access) from a
> directory listing (for every user).
> > If they are visible, then we might have a chance to return
> > them to the client, although this would require coding. If
> > they are defined in some LDAP server config file that is not
> > visible to Samba, then we can't export those to the client.
> It sounds like everything is pretty cut and dry with the exception of
> the checks enforced by check_password.so. But, I think if Samba just
> returned the errors sent back by LDAP/check_password.so (e.g., "password
> too short", "password does not meet required strength checks", etc.),
> that would suffice.

Yep, that is what happens.

> I can see that Samba receives these error messages,
> but seems to do nothing with them (log information included in previous
> posts in this thread). If that can be rectified, that should get us
> pretty close, no?

--
Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org