Hello,
This is my doubt:
Isn't it necessary to load the module for password policies, like moduleload ppolicy.la?
How do I compile it as built-in?
Thanks,
Francisco Saito
On 11/18/06, Prakash Velayutham Prakash.Velayutham@cchmc.org wrote:
Hello All,
I configured OpenLDAP-2.3.29 with the following options.
./configure --with-threads=posix --with-tls=openssl --enable-dynamic --with-cyrus-sasl --enable-modules --enable-ldbm=mod --enable-crypt --enable-lmpasswd --enable-ldap=mod --enable-meta=mod --enable-rewrite --enable-null=mod --enable-monitor=mod --enable-accesslog --enable-denyop --enable-dyngroup --enable-dynlist --enable-lastmod --enable-ppolicy --enable-proxycache --enable-refint --enable-retcode --enable-rwm --enable-syncprov --enable-translucent --enable-unique --enable-valsort --enable-aci --enable-bdb=mod --enable-hdb=mod --enable-ldbm-api=berkeley --enable-spasswd --enable-wrappers --prefix=/usr/local/encap/openldap
My slapd.conf is:
include /usr/local/encap/openldap/etc/openldap/schema/core.schema
include /usr/local/encap/openldap/etc/openldap/schema/cosine.schema
include /usr/local/encap/openldap/etc/openldap/schema/inetorgperson.schema
include /usr/local/encap/openldap/etc/openldap/schema/openldap.schema
include /usr/local/encap/openldap/etc/openldap/schema/nis.schema
include /usr/local/encap/openldap/etc/openldap/schema/samba3.schema
include /usr/local/encap/openldap/etc/openldap/schema/ppolicy.schema
allow bind_anon_dn
pidfile /usr/local/encap/openldap/var/run/slapd.pid
argsfile /usr/local/encap/openldap/var/run/slapd.args
database bdb
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
rootpw secret
directory /usr/local/encap/openldap/var/openldap-data
index objectClass eq
overlay ppolicy
ppolicy_default "cn=Standard Policy,ou=Policies,dc=my-domain,dc=com"
ppolicy_use_lockout
access to attrs=userpassword by self write by * auth
access to * by self write by * read
loglevel -1
########################################################################
Now when I try to do this:
prakash@linux:~> ldapsearch -H ldap://localhost -D "cn=Manager,dc=my-domain,dc=com" -x -W -b "dc=my-domain,dc=com" -e ppolicy "cn=Manager"
Enter LDAP Password:
I get the proper result.
# extended LDIF
#
# LDAPv3
# base <dc=my-domain,dc=com> with scope subtree
# filter: cn=Manager
# requesting: ALL
#

# Manager, my-domain.com
dn: cn=Manager,dc=my-domain,dc=com
objectClass: organizationalRole
cn: Manager
description: LDAP Directory Manager

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
But in the server logs, I see,
Nov 18 09:55:31 linux slapd[11135]: => get_ctrls: oid="1.3.6.1.4.1.42.2.27.8.5.1" (noncritical)
Nov 18 09:55:31 linux slapd[11135]: <= get_ctrls: n=1 rc=0 err=""
Nov 18 09:55:31 linux slapd[11135]: attrs:
Nov 18 09:55:31 linux slapd[11135]:
Nov 18 09:55:31 linux slapd[11135]: conn=0 op=1 SRCH base="dc=my-domain,dc=com" scope=2 deref=0 filter="(cn=manager)"
Nov 18 09:55:31 linux slapd[11135]: slap_global_control: unavailable control: 1.3.6.1.4.1.42.2.27.8.5.1
Is this the reason why I am not able to get my ppolicy controls to work? How do I make this control available?
Thanks,
Prakash
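
An added example, not part of either message in this thread: a small Python helper that correlates the slapd log lines quoted above and reports which operation requested a control that slapd logged as unavailable, and whether the client marked it critical. The function name and the OID label table are assumptions made for illustration; the sample log is the excerpt from the thread, one entry per line.

```python
import re
from collections import defaultdict

# OID -> label. Only the OID seen in the thread is listed (assumed table).
KNOWN_CONTROLS = {
    "1.3.6.1.4.1.42.2.27.8.5.1": "password policy (ppolicy) request control",
}

# Constructed sample: the log excerpt from the thread, one entry per line.
SAMPLE_LOG = """\
Nov 18 09:55:31 linux slapd[11135]: => get_ctrls: oid="1.3.6.1.4.1.42.2.27.8.5.1" (noncritical)
Nov 18 09:55:31 linux slapd[11135]: <= get_ctrls: n=1 rc=0 err=""
Nov 18 09:55:31 linux slapd[11135]: conn=0 op=1 SRCH base="dc=my-domain,dc=com" scope=2 deref=0 filter="(cn=manager)"
Nov 18 09:55:31 linux slapd[11135]: slap_global_control: unavailable control: 1.3.6.1.4.1.42.2.27.8.5.1
"""

REQ = re.compile(r'slapd\[(\d+)\]: => get_ctrls: oid="([\d.]+)" \((critical|noncritical)\)')
OP = re.compile(r'slapd\[(\d+)\]: (conn=\d+ op=\d+) (BIND|SRCH|ADD|MOD|DEL|MODRDN|CMP|EXT)\b')
UNAVAIL = re.compile(r'slapd\[(\d+)\]: slap_global_control: unavailable control: ([\d.]+)')


def unavailable_controls(log_text):
    """Return one finding per control that slapd logged as unavailable.

    Correlation is per slapd pid and assumes the lines of one operation are
    not interleaved with another client's (true for a single test client).
    """
    requested = defaultdict(dict)  # pid -> {oid: criticality} from get_ctrls
    last_op = {}                   # pid -> (conn/op id, operation type)
    findings = []
    for line in log_text.splitlines():
        if m := REQ.search(line):
            requested[m.group(1)][m.group(2)] = m.group(3)
        elif m := OP.search(line):
            last_op[m.group(1)] = (m.group(2), m.group(3))
        elif m := UNAVAIL.search(line):
            pid, oid = m.groups()
            op_id, op_type = last_op.get(pid, ("unknown", "unknown"))
            findings.append({
                "op": op_id, "type": op_type, "oid": oid,
                "name": KNOWN_CONTROLS.get(oid, "unrecognised OID"),
                "criticality": requested[pid].pop(oid, "unknown"),
            })
    return findings


if __name__ == "__main__":
    for finding in unavailable_controls(SAMPLE_LOG):
        print(finding)
```

RFC 4511 section 4.1.11 requires a server to ignore a noncritical control that it does not recognise or cannot apply to the operation, so such a request still completes; a critical one would fail with unavailableCriticalExtension.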