--On Monday, January 22, 2007 1:08 PM -0500 "Metcalf, Roger" roger.metcalf@acs-inc.com wrote:
I am trying to use the ppolicy overlay. I've searched, read and experimented and can't get it to work. I've read other similar postings with similar problems but haven't found the one with the answer.
My OpenLDAP knowledge is intermediate.
I download 2.3.27, then build it:
Why 2.3.27? 2.3.32 is the current stable release.
Plus there have been fixes since 2.3.27:
OpenLDAP 2.3.30 Release (2006/11/14) Fixed slapo-ppolicy external quality check (ITS#4741)
OpenLDAP 2.3.29 Release (2006/11/10) Fixed slapo-ppolicy leaks (ITS#4665)
OpenLDAP 2.3.28 Release (2006/10/21) Fixed slapo-ppolicy pwdChangedTime behavior (ITS#4692)
As for your questions:
Questions:
1) Where is ppolicy.la located?
Well, if its a dynamic module, then in $lib/openldap:
ldap00:/usr/local/lib/openldap> ls -l ppol* lrwxrwxrwx 1 root root 21 Nov 13 22:38 ppolicy-2.3.so.0 -> ppolicy-2.3.so.0.2.16* -rwxr-xr-x 1 root root 102169 Nov 8 21:49 ppolicy-2.3.so.0.2.16* -rwxr-xr-x 1 root root 909 Nov 8 21:49 ppolicy.la* lrwxrwxrwx 1 root root 21 Nov 13 22:38 ppolicy.so -> ppolicy-2.3.so.0.2.16*
2) Does it need to be loaded?
Yes, if it is a dynamic module.
3) Where is the path to it specified?
Via the "modulepath" directive in slapd.conf:
# Load dynamic backend modules: modulepath /usr/local/lib/openldap moduleload back_hdb.la moduleload back_monitor.la
4) When are moduleload specs needed?
Not sure what you mean here.
5) Are env variables needed to find ppolicy.la?
No.
6) What's the secret?
Reading the man pages and other documentation.
7) When will the book be published?
Howard is currently working on writing it.
--Quanah
-- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html