Howard Guo wrote:
There are some interesting progress going on with OpenLDAP package. Feature wise, OpenLDAP will soon be able to check password strength and enforce password strength policies that will comply with your IT needs, the feature comes in new package "ppolicy-check-module" and please read ppolicy-check-password.5 (https://build.opensuse.org/package/view_file/network:ldap/openldap2/ppolicy-...) if you are interested to find out more.
There are also two new packages. 1. openldap2-back-sock which can be used as backend or overlay to forward LDAP requests to an external demon via Unix Domain Socket (used in my OATH-LDAP implementation). 2. openldap2-contrib with a bunch of useful overlays which comes from OpenLDAP's source contrib/ tree: allop allowed Generates attributes indicating access rights autogroup cloak denyop lastbind writes last bind timestamp to entry noopsrch handles no-op search control nops pw-sha2 generates/validates SHA-2 password hashes pw-pbkdf2 generates/validates PBKDF2 password hashes smbk5pwd generates Samba3 password hashes (heimdal krb disabled) The pw-* overlays allow to use stronger password hashes and are interoperable with the stuff Howard mentioned above.
Apart from the new feature, a decision had to be made to determine the appropriate package for file /etc/openldap/ldap.conf - a system-wide configuration file for all client applications that link against LDAP library.
I'm ok with both approaches: 1. adding ldap.conf directly to libldap 2. having a separate package openldap2-client-config but have Requires: openldap2-client-config in all libldap packages (which would be also useful for the old compat-openldap-2.3 libs). Ciao, Michael.