Full_Name: Crane.YQ.Feng
Version: 2.4.23
OS: redhat linux 6.4
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (218.29.136.228)
Hello openldap Expert, could anyone do me a big favor? When I configure my openldap's password policy function and define the "olcPPolicyDefault", a problem has occurred. Note: the enldldap has been configured; it works on the cn=config model. When I add a password default policy entry (olcPPolicyDefault) into my openldap database (cn=config), the system returns an error message:
------------------------------------------------------------------------------------
file content (olcPPolicy-new.ldif):

dn: cn=config
changetype: modify
add: olcPPolicyDefault
olcPPolicyDefault: cn=default,ou=policies,dc=ldap,dc=idpbg,dc=com

[root@GL-LDAP01 data]# ldapmodify -Y EXTERNAL -H ldapi:/// -f olcPPolicy-new.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
ldap_modify: Object class violation (65)
        additional info: attribute 'olcPPolicyDefault' not allowed
Used another way to add this entry, the problem is the same:
-----------------------------------------------------------------------------
olcPPolicyDefault.ldif file content:

dn: cn=config
changetype: add
olcPPolicyDefault: cn=default,ou=policies,dc=ldap,dc=idpbg,dc=com

[root@GL-LDAP01 data]# ldapmodify -Y EXTERNAL -H ldapi:/// -f olcPPolicyDefault.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=config"
ldap_add: Object class violation (65)
        additional info: no objectClass attribute
So I can't add olcPPolicyDefault to make the openldap password policy available.
attachment:
----------------------------------
cn=config content:

[root@GL-LDAP01 openldap]# ldapsearch -LLLQY EXTERNAL -H ldapi:/// -b cn=config "(|(olcoverlay=ppolicy))"
dn: olcOverlay={1}ppolicy,olcDatabase={2}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {1}ppolicy
olcPPolicyHashCleartext: FALSE
olcPPolicyUseLockout: FALSE
olcPPolicyForwardUpdates: FALSE

[root@GL-LDAP01 openldap]# ldapsearch -LLLQY EXTERNAL -H ldapi:/// -b cn=config "(|(cn=config))"
dn: cn=config
objectClass: olcGlobal
cn: config
olcConfigFile: /etc/openldap/slapd.conf
olcConfigDir: /etc/openldap/slapd.d/
olcAllows: bind_v2
olcArgsFile: /var/run/openldap/slapd.args
olcAttributeOptions: lang-
olcAuthzPolicy: none
olcConcurrency: 0
olcConnMaxPending: 100
olcConnMaxPendingAuth: 1000
olcGentleHUP: FALSE
olcIdleTimeout: 0
olcIndexSubstrIfMaxLen: 4
olcIndexSubstrIfMinLen: 2
olcIndexSubstrAnyLen: 4
olcIndexSubstrAnyStep: 2
olcIndexIntLen: 4
olcLocalSSF: 71
olcLogLevel: Trace
olcLogLevel: Packets
olcLogLevel: Args
olcLogLevel: Conns
olcLogLevel: BER
olcLogLevel: Filter
olcLogLevel: Config
olcLogLevel: ACL
olcLogLevel: Stats
olcLogLevel: Stats2
olcLogLevel: Shell
olcLogLevel: Parse
olcPidFile: /var/run/openldap/slapd.pid
olcReadOnly: FALSE
olcReverseLookup: FALSE
olcSaslSecProps: noplain,noanonymous
olcServerID: 1 ldap://GL-LDAP01.ldap.idpbg.com
olcServerID: 2 ldap://GL-LDAP02.ldap.idpbg.com
olcServerID: 3 ldap://TY-LDAP01.ldap.idpbg.com
olcServerID: 4 ldap://TY-LDAP02.ldap.idpbg.com
olcSockbufMaxIncoming: 262143
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 16
olcTLSCACertificateFile: /etc/pki/tls/certs/ca-bundle.crt
olcTLSCertificateFile: /etc/pki/tls/certs/slapd.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/slapd.pem
olcTLSVerifyClient: never
olcToolThreads: 1
olcWriteTimeout: 0
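Added example, not part of the ITS submission: olcPPolicyDefault is defined by the olcPPolicyConfig object class, which the ldapsearch output above shows on the overlay entry rather than on cn=config, so this script builds the LDIF against that overlay DN, builds the pwdPolicy entry it points to, and checks ldapsearch output for the result. The DNs are taken from the report; the pwdPolicy attribute values and the $ROOTDN bind placeholder are assumptions.

```shell
#!/bin/sh
# Added example (not from the submission). DNs come from the report; the
# policy attribute values below are assumed for illustration only.
OVERLAY_DN='olcOverlay={1}ppolicy,olcDatabase={2}bdb,cn=config'
POLICY_DN='cn=default,ou=policies,dc=ldap,dc=idpbg,dc=com'

# LDIF for the policy entry, which lives in the user database (dc=ldap,...).
# pwdPolicy is auxiliary, so a structural class (organizationalRole) is added.
policy_entry_ldif() {
cat <<EOF
dn: $POLICY_DN
objectClass: organizationalRole
objectClass: pwdPolicy
cn: default
pwdAttribute: userPassword
pwdMaxFailure: 5
pwdLockout: TRUE
EOF
}

# LDIF that attaches the default policy to the ppolicy overlay entry,
# where olcPPolicyConfig permits the olcPPolicyDefault attribute.
ppolicy_default_ldif() {
cat <<EOF
dn: $OVERLAY_DN
changetype: modify
add: olcPPolicyDefault
olcPPolicyDefault: $POLICY_DN
EOF
}

# Read "ldapsearch -LLL" output on stdin; print the default policy DN set on
# the overlay entry. Exit status 1 when the overlay has no default policy.
configured_default() {
    awk -v dn="dn: $OVERLAY_DN" '
        $0 == dn { in_entry = 1; next }
        /^$/     { in_entry = 0 }
        in_entry && /^olcPPolicyDefault: / { print substr($0, 20); found = 1 }
        END { exit !found }'
}

# Usage on the directory host ($ROOTDN is a placeholder for the rootdn of
# the dc=ldap,dc=idpbg,dc=com database):
#   policy_entry_ldif    | ldapadd -x -D "$ROOTDN" -W
#   ppolicy_default_ldif | ldapmodify -Y EXTERNAL -H ldapi:///
#   ldapsearch -LLLQY EXTERNAL -H ldapi:/// -b cn=config '(olcOverlay=*ppolicy)' | configured_default
```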