I am trying to use the ppolicy overlay. I've searched, read and experimented and can't get it to work. I've read other similar postings with similar problems but haven't found the one with the answer.
My OpenLDAP knowledge is intermediate.
I download 2.3.27, then build it:
env LIBS="-L/usr/bin" \ ./configure \ --prefix=/usr/local \ --libdir=/usr/local/lib \ --sbindir=/usr/sbin \ --libexecdir=/usr/sbin \ --sysconfdir=/etc \ --localstatedir=/var/lib/ldap \ --enable-overlays=mod \ --enable-dynamic=yes \ --enable-modules=yes \ --enable-ppolicy=yes && make depend && make
I include ppolicy in slapd.conf.
include /etc/openldap/schema/ppolicy.schema overlay ppolicy ppolicy_default "cn=Standard Policy,ou=Policies,c=us" ppolicy_hash_cleartext ppolicy_use_lockout
I have tried with and without modulepath and moduleload. I suspect they are not needed but am not sure.
modulepath /usr/sbin moduleload ppolicy.la
I have created a policy structure in my repository.
I don't really care if ppolicy is statically or dynamically loaded, I just want it to be available! The problem may be that I really don't get the meaning or dependencies of enable-dynamic, enable-modules, enable-overlays, enable-static, enable-shared.
My goal is simple : to get ppolicy working in the simplest way.
Problems:
/etc/init.d/ldap start --
WARNING: No dynamic config support for overlay ppolicy.
This apparently is more than just a "warning" because startup fails.
I figured Symas CDS silver would work, so I downloaded it, commented out the ppolicy lines:
# Load an instance of the ppolicy overlay for the current database: overlay ppolicy ppolicy_default "cn=Standard Policy,ou=Policies,c=us" ppolicy_hash_cleartext ppolicy_use_lockout
and put -d -1 into EXTRA_SLAPD_ARGS so I could see what happens.
With this:
# Uncomment the following moduleload to add support for # password policies. Refer to the example below and to # slapo-ppolicy(5) for additional information. moduleload ppolicy.la
I get:
line 93 (moduleload ppolicy.la) lt_dlopenext failed: (ppolicy.la) file not found /opt/symas/etc/openldap/slapd.conf: line 93: <moduleload> handler exited with 1!
With this:
#moduleload ppolicy.la
I get this:
line 234 (overlay ppolicy) overlay "ppolicy" not found /opt/symas/etc/openldap/slapd.conf: line 234: <overlay> handler exited with 1!
What makes this all the more frustrating is that test022-ppolicy appears to work fine. I have examined its .conf file and environment variables, etc and can't extract the secret.
Questions:
1) Where is ppolicy.la located? 2) Does it need to be loaded? 3) Where is the path to it specified? 4) When are moduleload specs needed? 5) Are env variables needed to find ppolicy.la? 6) What's the secret? 7) When will the book be published?
All advice welcome.
Thanks, Roger Metcalf