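The company has two OpenLDAP databases: one handles Linux system logins and the other belongs to the mail server. I want to merge the two databases into one and then set up master-slave replication.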

The data format on 192.168.0.1 is as follows:

dn: cn=jianda,ou=People,dc=jieli,dc=com
sn: jianda
cn:: IGppYW5kYQ==
uid: jianda
uidNumber: 1008
gidNumber: 3333
homeDirectory: /fhome/jianda
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
loginShell: /bin/bash
userPassword:: ***********************

The format on the mail server is as follows:
dn: mail=www@zh-jieli.com,ou=Users,domainName=zh-jieli.com,o=domains,dc=zh-jieli,dc=com
objectClass: inetOrgPerson
objectClass: pwdPolicy
objectClass: shadowAccount
objectClass: amavisAccount
objectClass: mailUser
objectClass: top
cn: www
sn: www
uid: www
givenName: www
mail: www@zh-jieli.com
accountStatus: active
storageBaseDirectory: /var/vmail
mailMessageStore: vmail1/zh-jieli.com/w/w/w/www-2011.06.16.18.52.02/
homeDirectory: /var/vmail/vmail1/zh-jieli.com/w/w/w/www-2011.06.16.18.52.02/
mailQuota: 104857600
enabledService: mail
enabledService: internal
enabledService: smtp
enabledService: smtpsecured
enabledService: pop3
enabledService: pop3secured
enabledService: imap
enabledService: imapsecured
enabledService: deliver
enabledService: forward
enabledService: senderbcc
enabledService: recipientbcc
enabledService: managesieve
enabledService: managesievesecured
enabledService: sieve
enabledService: sievesecured
enabledService: displayedInGlobalAddressBook
enabledService: shadowaddress
userPassword:: *****************************************************
pwdAllowUserChange: TRUE
pwdAttribute: userPassword
pwdCheckQuality: 2
pwdExpireWarning: 600
pwdFailureCountInterval: 6
pwdGraceAuthNLimit: 5
pwdInHistory: 5
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdMaxAge: 30
pwdMaxFailure: 5
pwdMinAge: 7
pwdMinLength: 6
pwdMustChange: FALSE
pwdSafeModify: FALSE

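During the merge I found that the homeDirectory values of the two databases conflict. Is there a way to add another homeDirectory=/home/www in the mail server's OpenLDAP for Linux system login? Thanks.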

How do I add a plugin to iRedAPD?

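Recently the company has required the mail server to enforce a password length and a password change once a month. I searched this BBS and did not find any useful information on this. I looked at the OpenLDAP guide, which says that password policies are supported. I would like to ask the iRedMail experts whether this could be added to the next version, or whether there is some workaround to feed OpenLDAP's password policy information back to the webmail, so that users know their password is about to expire.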
    The user is allowed to change his own password. Note that the directory ACLs for this attribute can also affect this ability (pwdAllowUserChange: TRUE).
    The name of the password attribute is “userPassword” (pwdAttribute: userPassword). Note that this is the only value that is accepted by OpenLDAP for this attribute.
    The server will check the syntax of the password. If the server is unable to check the syntax (i.e., it was hashed or otherwise encoded by the client) it will return an error refusing the password (pwdCheckQuality: 2).
    When a client includes the Password Policy Request control with a bind request, the server will respond with a password expiration warning if it is going to expire in ten minutes or less (pwdExpireWarning: 600). The warnings themselves are returned in a Password Policy Response control.
    When the password for a DN has expired, the server will allow five additional “grace” logins (pwdGraceAuthNLimit: 5).
    The server will maintain a history of the last five passwords that were used for a DN (pwdInHistory: 5).
    The server will lock the account after the maximum number of failed bind attempts has been exceeded (pwdLockout: TRUE).
    When the server has locked an account, the server will keep it locked until an administrator unlocks it (pwdLockoutDuration: 0)
    The server will reset its failed bind count after a period of 30 seconds.
    Passwords will not expire (pwdMaxAge: 0).
    Passwords can be changed as often as desired (pwdMinAge: 0).
    Passwords must be at least 5 characters in length (pwdMinLength: 5).
    The password does not need to be changed at the first bind or when the administrator has reset the password (pwdMustChange: FALSE)
    The current password does not need to be included with password change requests (pwdSafeModify: FALSE)
    The server will only allow five failed binds in a row for a particular DN (pwdMaxFailure: 5).

Now I want to use ldapmodify to add a pwdPolicy objectClass to all users in the directory. How do I do that? I only know how to modify attributes with ldapmodify. Thanks, everyone.

Even just a pointer would be fine. Thank you very much.
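
An added example (not part of the original posts, and not iRedMail's own tooling): one way to build the ldapmodify input asked about above, reading `ldapsearch -LLL` output and emitting one modify record per entry that lacks the class, including entries whose DN is folded across lines as in the mail entry shown earlier. It assumes the ppolicy schema is loaded; the function names and sample entries are constructed for illustration, and pwdAttribute is added in the same operation because pwdPolicy requires it.

```python
import base64

# Constructed sample of `ldapsearch -LLL ... dn objectClass` output (not real data).
# Entry 1 has a folded DN, entry 2 already has pwdPolicy, entry 3 has a base64 DN.
SAMPLE = (
    "dn: mail=alice@example.com,ou=Users,domainName=example.com,o=domains,dc=exa\n"
    " mple,dc=com\n"
    "objectClass: mailUser\n\n"
    "dn: mail=bob@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com\n"
    "objectClass: mailUser\n"
    "objectClass: pwdPolicy\n\n"
    "dn:: " + base64.b64encode("cn=Zo\u00eb,ou=People,dc=example,dc=com".encode()).decode()
    + "\nobjectClass: posixAccount\n"
)

def parse_entries(ldif):
    """Return [{'dn': str, 'classes': set}], unfolding lines and decoding base64."""
    entries = []
    for line in ldif.replace("\n ", "").splitlines():   # "\n " marks an LDIF fold
        name, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):
            continue                                    # blank line, "-" or comment
        value = base64.b64decode(rest[1:].strip()).decode("utf-8") if rest.startswith(":") else rest.strip()
        if name.lower() == "dn":
            entries.append({"dn": value, "classes": set()})
        elif name.lower() == "objectclass" and entries:
            entries[-1]["classes"].add(value.lower())
    return entries

def dn_line(dn):
    """Emit the DN in plain form when LDIF-safe, base64 otherwise."""
    safe = dn.isascii() and dn.isprintable() and dn[:1] not in (" ", ":", "<")
    return "dn: " + dn if safe else "dn:: " + base64.b64encode(dn.encode()).decode()

def build_modify_ldif(ldif, oc="pwdPolicy", must=(("pwdAttribute", "userPassword"),)):
    """One modify record per entry lacking `oc`; MUST attributes go in the same operation."""
    records = []
    for entry in parse_entries(ldif):
        if oc.lower() in entry["classes"]:
            continue                                    # re-adding an existing value would fail
        rec = [dn_line(entry["dn"]), "changetype: modify", "add: objectClass", "objectClass: " + oc, "-"]
        for attr, val in must:
            rec += ["add: " + attr, attr + ": " + val, "-"]
        records.append("\n".join(rec) + "\n")
    return "\n".join(records)

if __name__ == "__main__":
    print(build_modify_ldif(SAMPLE), end="")
```

On real data, pass the `ldapsearch -LLL` output for the user subtree to `build_modify_ldif` and review the generated records before applying them with `ldapmodify -f`.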

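Because the company needs it, I set up backup of sent and received mail. My intention was: mail sent from our domain to any domain other than itself is BCC'd to the sender_bcc address, and mail sent from other domains to our domain is BCC'd to the recipient_bcc address. But now mail sent from our domain to our domain gets copied twice, once to sender_bcc and once to recipient_bcc. Is there a way to achieve the requirement described above? Thank you very much!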


sender_bcc_maps = proxy:ldap:/etc/postfix/ldap/sender_bcc_maps_domain.cf, proxy:ldap:/etc/postfix/ldap/sender_bcc_maps_user.cf
recipient_bcc_maps = proxy:ldap:/etc/postfix/ldap/recipient_bcc_maps_domain.cf, proxy:ldap:/etc/postfix/ldap/recipient_bcc_maps_user.cf

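This time I just copied the whole /var over. But it took me a long time to sort out the passwords and permissions between the services before it would run. It now runs on Debian 6 + RAID1 + LVM. The next step is to upgrade it to RAID5; I don't know what the consequences will be.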

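I used iRedMail to set up an internal mail server at the company. At first I installed it on a single hard disk; it is feature-complete and very powerful. Later I added another disk and built a RAID1, and after that it also worked fine. After two days of use I added another disk intending to build a RAID5, and this caused a big problem. I had no backup of the system data. I just booted from a live CD, stopped the RAID1 and created a new RAID5; once it was built it reported that the capacity was incorrect. After fsck -fy it could be mounted, but the original data was all gone. What I want to ask is: how do I migrate iRedMail from one machine to another (completely, quickly, with minimal changes)? Thanks!
Fortunately I had installed iRedMail in /var/mail. That is what saved the accounts and mail data this time.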