I'm running 2.3.39 and using ppolicy to enforce our password policy. Got an LDIF file:
dn: cn=npg2810,ou=policies,dc=nasascience,dc=nasa,dc=gov
cn: npg2810
objectClass: top
objectClass: pwdPolicy
objectClass: organizationalRole
objectClass: pwdPolicyChecker
description: OpenLDAP ppolicy to implement NPG2810-like restrictions
pwdAttribute: userPassword
When I try to slapadd it, I get an error indicating it doesn't like "userPassword":
sudo sbin/slapadd -l ldifs/6_policies.ldif
str2entry: invalid value for attributeType pwdAttribute #0 (syntax 1.3.6.1.4.1.1466.115.121.1.38)
slapadd: could not parse entry (line=51)
The ppolicy.schema file says:
#5.2.1 pwdAttribute
#
# This holds the name of the attribute to which the password policy is
# applied. For example, the password policy may be applied to the
# userPassword attribute.

attributetype ( 1.3.6.1.4.1.42.2.27.8.1.1
    NAME 'pwdAttribute'
    EQUALITY objectIdentifierMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
And my slapd.conf includes ppolicy.schema in addition to core.schema, cosine.schema, and inetorgperson.schema.
Oddly, replacing the "userPassword" value with a random number, like "42" or "3.14159", causes no error.
I cannot find userPassword defined in any of the schemas, though it is commented out in core.schema. If I uncomment it from core.schema it complains that it's a dupe:
sbin/slapadd -l ldifs/6_policies.ldif
schema/core.schema: line 244: Duplicate attributeType: "2.5.4.35"
slapadd: bad configuration file!
What am I missing? Thanks.