Hello,

This is my doubt:

Isn't it necessary to load the module for password policies?
Like:
moduleload ppolicy.la

How do I compile it as built-in?

Thanks,

Francisco Saito

On 11/18/06, Prakash Velayutham <Prakash.Velayutham@cchmc.org> wrote:
Hello All,

I configured OpenLDAP-2.3.29 with the following options.

./configure --with-threads=posix --with-tls=openssl --enable-dynamic \
    --with-cyrus-sasl --enable-modules --enable-ldbm=mod --enable-crypt \
    --enable-lmpasswd --enable-ldap=mod --enable-meta=mod --enable-rewrite \
    --enable-null=mod --enable-monitor=mod --enable-accesslog \
    --enable-denyop --enable-dyngroup --enable-dynlist --enable-lastmod \
    --enable-ppolicy --enable-proxycache --enable-refint --enable-retcode \
    --enable-rwm --enable-syncprov --enable-translucent --enable-unique \
    --enable-valsort --enable-aci --enable-bdb=mod --enable-hdb=mod \
    --enable-ldbm-api=berkeley --enable-spasswd --enable-wrappers \
    --prefix=/usr/local/encap/openldap

My slapd.conf is:

include         /usr/local/encap/openldap/etc/openldap/schema/core.schema
include         /usr/local/encap/openldap/etc/openldap/schema/cosine.schema
include         /usr/local/encap/openldap/etc/openldap/schema/inetorgperson.schema
include         /usr/local/encap/openldap/etc/openldap/schema/openldap.schema
include         /usr/local/encap/openldap/etc/openldap/schema/nis.schema
include         /usr/local/encap/openldap/etc/openldap/schema/samba3.schema
include         /usr/local/encap/openldap/etc/openldap/schema/ppolicy.schema

allow bind_anon_dn

pidfile         /usr/local/encap/openldap/var/run/slapd.pid
argsfile        /usr/local/encap/openldap/var/run/slapd.args

database        bdb
suffix          "dc=my-domain,dc=com"
rootdn          "cn=Manager,dc=my-domain,dc=com"

rootpw          secret

directory       /usr/local/encap/openldap/var/openldap-data

index   objectClass     eq

overlay ppolicy
ppolicy_default "cn=Standard Policy,ou=Policies,dc=my-domain,dc=com"
ppolicy_use_lockout

access to attrs=userpassword
        by self write
        by * auth

access to *
        by self write
        by * read

loglevel -1

########################################################################

Now when I try to do this:

prakash@linux:~> ldapsearch -H ldap://localhost -D "cn=Manager,dc=my-domain,dc=com" \
    -x -W -b "dc=my-domain,dc=com" -e ppolicy "cn=Manager"
Enter LDAP Password:

I get the proper result.

# extended LDIF
#
# LDAPv3
# base <dc=my-domain,dc=com> with scope subtree
# filter: cn=Manager
# requesting: ALL
#

# Manager, my-domain.com
dn: cn=Manager,dc=my-domain,dc=com
objectClass: organizationalRole
cn: Manager
description: LDAP Directory Manager

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

But in the server logs, I see,

Nov 18 09:55:31 linux slapd[11135]: => get_ctrls: oid="1.3.6.1.4.1.42.2.27.8.5.1" (noncritical)
Nov 18 09:55:31 linux slapd[11135]: <= get_ctrls: n=1 rc=0 err=""
Nov 18 09:55:31 linux slapd[11135]:     attrs:
Nov 18 09:55:31 linux slapd[11135]:
Nov 18 09:55:31 linux slapd[11135]: conn=0 op=1 SRCH base="dc=my-domain,dc=com" scope=2 deref=0 filter="(cn=manager)"
Nov 18 09:55:31 linux slapd[11135]: slap_global_control: unavailable control: 1.3.6.1.4.1.42.2.27.8.5.1

Is this the reason why I am not able to get my ppolicy controls to
work? How do I make this control available?

Thanks,
Prakash
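A small diagnostic for the situation in this thread, added here as an example (it is not code from either poster or from the OpenLDAP project). It does two things a practitioner checks first when a ppolicy control is reported as unavailable: it scans slapd log text for "slap_global_control: unavailable control" lines and names the OID (1.3.6.1.4.1.42.2.27.8.5.1 is the password-policy request control from draft-behera-ldap-password-policy), and it parses the rootDSE output of `ldapsearch -x -H ldap://localhost -b "" -s base supportedControl` to see whether the server advertises that control at all. The log lines are taken from the excerpt above; the two rootDSE answers are constructed, not captured from a real server.

```python
"""Check slapd logs and the rootDSE for the ppolicy request control.
Added example; the rootDSE LDIF below is constructed sample data."""
import re

# Control OIDs commonly met in slapd logs.  The ppolicy request control OID
# is the one in the thread's log excerpt; the other two are RFC-assigned.
KNOWN_CONTROLS = {
    "1.3.6.1.4.1.42.2.27.8.5.1": "Password Policy request control (ppolicy overlay)",
    "1.2.840.113556.1.4.319": "Simple Paged Results (RFC 2696)",
    "2.16.840.1.113730.3.4.2": "ManageDsaIT (RFC 3296)",
}
PPOLICY_OID = "1.3.6.1.4.1.42.2.27.8.5.1"

# The line slapd writes (seen with loglevel -1) when an operation carries a
# control that is not available for it.
UNAVAILABLE_RE = re.compile(
    r"slapd\[(?P<pid>\d+)\]: slap_global_control: unavailable control: (?P<oid>[\d.]+)"
)
# The operation line that precedes it, so the report can say which op it was.
OP_RE = re.compile(r"conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<kind>[A-Z]+)")


def find_unavailable_controls(log_text):
    """Return one dict per 'unavailable control' line: the OID, a readable
    name, and the most recent conn/op line seen before it (None if none)."""
    findings = []
    last_op = None
    for line in log_text.splitlines():
        m_op = OP_RE.search(line)
        if m_op:
            last_op = f"conn={m_op['conn']} op={m_op['op']} {m_op['kind']}"
        m = UNAVAILABLE_RE.search(line)
        if m:
            findings.append({
                "oid": m["oid"],
                "name": KNOWN_CONTROLS.get(m["oid"], "unknown control"),
                "operation": last_op,
            })
    return findings


def parse_supported_controls(rootdse_ldif):
    """Return the set of OIDs listed as supportedControl in a rootDSE LDIF.
    LDIF folds long lines onto continuation lines beginning with one space,
    so those are rejoined before parsing."""
    unfolded = rootdse_ldif.replace("\n ", "")
    oids = set()
    for line in unfolded.splitlines():
        if line.startswith("supportedControl:"):
            oids.add(line.split(":", 1)[1].strip())
    return oids


def ppolicy_control_advertised(rootdse_ldif):
    """True if the server advertises the ppolicy request control."""
    return PPOLICY_OID in parse_supported_controls(rootdse_ldif)


# Log lines reproduced from the thread's excerpt, rejoined onto single lines.
SAMPLE_LOG = """\
Nov 18 09:55:31 linux slapd[11135]: => get_ctrls: oid="1.3.6.1.4.1.42.2.27.8.5.1" (noncritical)
Nov 18 09:55:31 linux slapd[11135]: <= get_ctrls: n=1 rc=0 err=""
Nov 18 09:55:31 linux slapd[11135]: conn=0 op=1 SRCH base="dc=my-domain,dc=com" scope=2 deref=0 filter="(cn=manager)"
Nov 18 09:55:31 linux slapd[11135]: slap_global_control: unavailable control: 1.3.6.1.4.1.42.2.27.8.5.1
"""

# Constructed rootDSE answers: a server that does not register ppolicy, and
# one that does.  Neither was captured from a real server.
ROOTDSE_WITHOUT_PPOLICY = """\
dn:
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.2.840.113556.1.4.319
"""
ROOTDSE_WITH_PPOLICY = ROOTDSE_WITHOUT_PPOLICY + "supportedControl: " + PPOLICY_OID + "\n"

if __name__ == "__main__":
    for f in find_unavailable_controls(SAMPLE_LOG):
        print(f"{f['operation']}: control {f['oid']} ({f['name']}) not available")
    print("ppolicy advertised (without):", ppolicy_control_advertised(ROOTDSE_WITHOUT_PPOLICY))
    print("ppolicy advertised (with):   ", ppolicy_control_advertised(ROOTDSE_WITH_PPOLICY))
```

If the rootDSE does not list the OID, the overlay never registered its control, which is what to fix before looking further (with `--enable-ppolicy` given without `=mod`, as in the configure line above, the overlay is built into slapd and needs no `moduleload`; with `=mod` it is a module and must be loaded before the `overlay ppolicy` line). Note also that `-e ppolicy` without a leading `!` sends the control as noncritical, which is why the search still returns its result: the server is allowed to ignore it. The lockout and expiry state that `ppolicy_use_lockout` governs is reported in the response control to a bind, so a bind with the control is the operation that actually exercises the policy, not a search.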