I've been trying to play with the ppolicy features of OpenLDAP for a few months now, and I have been very unsuccessful.
Here is my slapd.conf file:
[root@dgovit-pap02 openldap]# cat slapd.conf
############################################################
include /usr/local/ldap/etc/openldap/schema/core.schema
include /usr/local/ldap/etc/openldap/schema/cosine.schema
include /usr/local/ldap/etc/openldap/schema/nis.schema
include /usr/local/ldap/etc/openldap/schema/corba.schema
include /usr/local/ldap/etc/openldap/schema/inetorgperson.schema
include /usr/local/ldap/etc/openldap/schema/misc.schema
include /usr/local/ldap/etc/openldap/schema/openldap.schema
include /usr/local/ldap/etc/openldap/schema/ppolicy.schema
include /usr/local/ldap/etc/openldap/schema/ttpua.schema
pidfile /var/run/ldap/slapd.pid
argsfile /var/run/ldap/slapd.args
# Load dynamic backend modules:
modulepath /usr/local/ldap/libexec/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# moduleload ppolicy.la
overlay ppolicy
ppolicy_default "cn=std,ou=portal,ou=policies,dc=ttpua,dc=portal"
ppolicy_use_lockout
access to dn="" by * read
password-hash {SSHA}
database bdb
suffix "dc=ttpua,dc=portal"
rootdn "cn=scoobydoo,dc=ttpua,dc=portal"
rootpw {SSHA}hPdD1ypslgiUX6ANvpBoQRdJ7rAK9ab2
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/ldap/var/openldap-data
# indexing index default eq
# basic use index objectClass,uid,dc,o,ou
# references index member,owner,seeAlso
# mail index mail
# names index cn,sn,givenName,displayName eq,sub
access to attrs=userPassword by self write by anonymous auth by * none
access to attrs=shadowLastChange by self write by * auth
access to * by * read
loglevel 255
database monitor
EOF
I compiled openldap-2.3.32 as follows:
./configure --with-threads=posix --with-tls=openssl --enable-dynamic --with-cyrus-sasl --enable-modules--enable-ldbm=mod --enable-crypt --enable-lmpasswd --enable-ldap=mod --enable-meta=mod --enable-rewrite --enable-null=mod --enable-monitor=mod --enable-accesslog --enable-denyop --enable-dyngroup --enable-dynlist --enable-lastmod --enable-ppolicy --enable-proxycache --enable-refint --enable-retcode --enable-rwm --enable-syncprov --enable-translucent --enable-unique --enable-valsort --enable-aci --enable-bdb=mod --enable-hdb=mod --enable-ldbm-api=berkeley --enable-spasswd --enable-wrappers --prefix=/usr/local/ldap
Can someone help me out here? I'm not sure what I'm doing wrong. I've followed every example I can find on the net, but it's still not working out for me.
TIA,
Errol Neal