>>> "Errol Neal" <eneal(a)dfi-intl.com> 01/19/07 11:07 AM >>>
I've been trying to play with the ppolicy features of openldap for a few
months now and I have been very unsuccessful.
Here is my slapd.conf file:
[root@dgovit-pap02 openldap]# cat slapd.conf
############################################################
include /usr/local/ldap/etc/openldap/schema/core.schema
include /usr/local/ldap/etc/openldap/schema/cosine.schema
include /usr/local/ldap/etc/openldap/schema/nis.schema
include /usr/local/ldap/etc/openldap/schema/corba.schema
include /usr/local/ldap/etc/openldap/schema/inetorgperson.schema
include /usr/local/ldap/etc/openldap/schema/misc.schema
include /usr/local/ldap/etc/openldap/schema/openldap.schema
include /usr/local/ldap/etc/openldap/schema/ppolicy.schema
include /usr/local/ldap/etc/openldap/schema/ttpua.schema
pidfile /var/run/ldap/slapd.pid
argsfile /var/run/ldap/slapd.args
# Load dynamic backend modules:
modulepath /usr/local/ldap/libexec/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# moduleload ppolicy.la
overlay ppolicy
ppolicy_default "cn=std,ou=portal,ou=policies,dc=ttpua,dc=portal"
ppolicy_use_lockout
access to dn="" by * read
password-hash {SSHA}
database bdb
suffix "dc=ttpua,dc=portal"
rootdn "cn=scoobydoo,dc=ttpua,dc=portal"
rootpw {SSHA}hPdD1ypslgiUX6ANvpBoQRdJ7rAK9ab2
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/ldap/var/openldap-data
# indexing
index default eq
# basic use
index objectClass,uid,dc,o,ou
# references
index member,owner,seeAlso
# mail
index mail
# names
index cn,sn,givenName,displayName eq,sub
access to attrs=userPassword
by self write
by anonymous auth
by * none
access to attrs=shadowLastChange
by self write
by * auth
access to * by * read
loglevel 255
database monitor
EOF
I compiled openldap-2.3.32 as follows:
./configure --with-threads=posix --with-tls=openssl --enable-dynamic
--with-cyrus-sasl --enable-modules --enable-ldbm=mod --enable-crypt
--enable-lmpasswd --enable-ldap=mod --enable-meta=mod --enable-rewrite
--enable-null=mod --enable-monitor=mod --enable-accesslog
--enable-denyop --enable-dyngroup --enable-dynlist --enable-lastmod
--enable-ppolicy --enable-proxycache --enable-refint --enable-retcode
--enable-rwm --enable-syncprov --enable-translucent --enable-unique
--enable-valsort --enable-aci --enable-bdb=mod --enable-hdb=mod
--enable-ldbm-api=berkeley --enable-spasswd --enable-wrappers
--prefix=/usr/local/ldap
Can someone help me out here? Not sure what I'm doing wrong. I've
followed every example I can find on the net but it's still not working
out for me.
TIA,
Errol Neal
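The posted slapd.conf and configure line can be sanity-checked mechanically before asking slapd to start. The script below is an added example and not part of this thread or of OpenLDAP itself: it parses a constructed excerpt mirroring the posted config (not a live file) together with the relevant configure flags, and reports three things a reviewer would ask about: an `overlay ppolicy` directive that appears before any `database` line (so it is not attached to the bdb database holding the user entries), backends built with `--enable-<name>=mod` that have no matching `moduleload`, and a `ppolicy_default` DN outside every configured suffix. A second constructed excerpt shows the same directives in the order that passes the checks; the directive-ordering and module-naming rules it encodes (`back_<name>.la` for backends, `<name>.la` for overlays) are assumptions stated here, not something the thread confirms.

```python
"""Static sanity checks for a slapd.conf ppolicy setup (added example, not OpenLDAP code)."""
import re

# Constructed excerpt mirroring the posted slapd.conf (sample, not a live file).
POSTED_CONF = """\
include /usr/local/ldap/etc/openldap/schema/ppolicy.schema
modulepath /usr/local/ldap/libexec/openldap
# moduleload back_bdb.la
# moduleload ppolicy.la
overlay ppolicy
ppolicy_default "cn=std,ou=portal,ou=policies,dc=ttpua,dc=portal"
ppolicy_use_lockout
database bdb
suffix "dc=ttpua,dc=portal"
database monitor
"""

# Same directives, reordered so the overlay sits inside the bdb section and
# module-built backends are loaded before they are used (constructed sample).
FIXED_CONF = """\
include /usr/local/ldap/etc/openldap/schema/ppolicy.schema
modulepath /usr/local/ldap/libexec/openldap
moduleload back_bdb.la
moduleload back_monitor.la
database bdb
suffix "dc=ttpua,dc=portal"
overlay ppolicy
ppolicy_default "cn=std,ou=portal,ou=policies,dc=ttpua,dc=portal"
ppolicy_use_lockout
database monitor
"""

# Subset of the posted configure flags that matters for these checks (constructed).
CONFIGURE_LINE = ("./configure --enable-modules --enable-ppolicy "
                  "--enable-bdb=mod --enable-hdb=mod --enable-monitor=mod")


def parse_conf(text):
    """Return a list of (directive, argument) pairs; comments and blank lines are dropped."""
    directives = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        directives.append((parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""))
    return directives


def module_built(configure_line):
    """Names of backends/overlays built as loadable modules (--enable-<name>=mod)."""
    return set(re.findall(r"--enable-([a-z]+)=mod", configure_line))


def check(conf_text, configure_line):
    """Return a list of human-readable findings; an empty list means all checks passed."""
    findings = []
    directives = parse_conf(conf_text)
    loaded = {arg for key, arg in directives if key == "moduleload"}
    mods = module_built(configure_line)

    current_db = None          # database section we are currently inside (None = before any)
    overlay_sections = []      # database section each 'overlay ppolicy' was found in
    suffixes = []
    default_dn = None
    for key, arg in directives:
        if key == "database":
            current_db = arg.lower()
            if current_db in mods and f"back_{current_db}.la" not in loaded:
                findings.append(f"backend '{current_db}' is built as a module but "
                                f"'moduleload back_{current_db}.la' is missing")
        elif key == "overlay" and arg.lower() == "ppolicy":
            overlay_sections.append(current_db)
        elif key == "suffix":
            suffixes.append(arg.strip('"').lower())
        elif key == "ppolicy_default":
            default_dn = arg.strip('"').lower()

    if not overlay_sections:
        findings.append("no 'overlay ppolicy' directive found")
    if None in overlay_sections:
        findings.append("'overlay ppolicy' appears before any 'database' directive, "
                        "so it is not attached to the database holding the user entries")
    if "ppolicy" in mods and "ppolicy.la" not in loaded:
        findings.append("ppolicy is built as a module but 'moduleload ppolicy.la' is missing")
    if default_dn and not any(default_dn == s or default_dn.endswith("," + s) for s in suffixes):
        findings.append(f"ppolicy_default DN '{default_dn}' is not under any configured suffix")
    return findings


if __name__ == "__main__":
    for label, conf in (("posted", POSTED_CONF), ("fixed", FIXED_CONF)):
        print(f"== {label} ==")
        for finding in check(conf, CONFIGURE_LINE) or ["no findings"]:
            print(" -", finding)
```

Running it against the posted excerpt reports the overlay placed before the first `database` line and the unloaded `back_bdb.la` and `back_monitor.la` modules; the reordered excerpt reports nothing. The checks are deliberately textual: they say nothing about whether slapd would accept the file, only whether the directives are arranged the way the overlay and module-loading rules expect.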
Hi,
I don't see a problem description anywhere in this email. What exactly
is the issue you are facing with ppolicy?
Prakash