I would like to enable PasswordPolicies in my OpenLdap server by adding
following lines in slapd.conf:
overlay ppolicy
ppolicy_default "cn=Default Policy,dc=dw,dc=plbyd,dc=pl"
ppolicy_hash_cleartext
ppolicy_use_lockout
Right now accounts are defined with shadowAccount attribute (I use pam_ldap
and nss_ldap).
I would like to replace the shadowAccount attributes with the operational
attribute :
pwdPolicySubentry: cn=Default Policy,dc=test,dc=pl for each account.
I would like to avoid accounts recreating but I am no sure if it is
possible.
OS is SUSE Linux Enterprise Server 10 SP2.
Is it possible to achive such a reconfiguration or should the accounts be
created from scratch after the overlay is enabled?
I would appreciate any hint, thanks.
--
darek