I read the entry in Chapter 6 http://www.zytrax.com/books/ldap/ch6/ppolicy.html#examples regarding setting the Password Policy Control.
I have installed OpenLDAP through Cygwin. OpenLDAP is version 2.3.43
I created my db and included the Password Policy control schema, but I am getting the following error when I try to load my default and user policies:
$ ldapadd -H ldap://localhost:666 -x -D "cn=Manager,dc=zes_example,dc=com" -w secret -f /etc/openldap/data/ppolicy.ldif
adding new entry "ou=pwdpolicies,dc=zes_example,dc=com"

adding new entry "cn=default,ou=pwdpolicies,dc=zes_example,dc=com"
ldapadd: Object class violation (65)
        additional info: no structural object class provided
Any idea why I am getting this error? Am I missing an objectClass in the policy definition? Do I need to add the password policy (ldif file) before I give the directive in slapd.conf?
Any help is appreciated.
The output from the server is:
<= index_entry_add( 12, "ou=pwdpolicies,dc=zes_example,dc=com" ) success
=> entry_encode(0x0000000c): ou=pwdpolicies,dc=zes_example,dc=com
bdb_add: added id=0000000c dn="ou=pwdpolicies,dc=zes_example,dc=com"
send_ldap_result: conn=7 op=1 p=3
send_ldap_response: msgid=2 tag=105 err=0
ber_flush: 14 bytes to sd 9
connection_get(9): got connid=7
connection_read(9): checking for input on id=7
ber_get_next
ber_get_next: tag 0x30 len 369 contents:
ber_get_next
do_add
ber_scanf fmt ({m) ber:
>>> dnPrettyNormal: <cn=default,ou=pwdpolicies,dc=zes_example,dc=com>
<<< dnPrettyNormal: <cn=default,ou=pwdpolicies,dc=zes_example,dc=com>, <cn=default,ou=pwdpolicies,dc=zes_example,dc=com>
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt (}) ber:
bdb_dn2entry("cn=default,ou=pwdpolicies,dc=zes_example,dc=com")
=> bdb_dn2id("cn=default,ou=pwdpolicies,dc=zes_example,dc=com")
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)
bdb_referrals: op=104 target="cn=default,ou=pwdpolicies,dc=zes_example,dc=com" matched="ou=pwdpolicies,dc=zes_example,dc=com"
bdb_add: entry failed op attrs add: no structural object class provided (65)
send_ldap_result: conn=7 op=2 p=3
send_ldap_response: msgid=3 tag=105 err=65
ber_flush: 49 bytes to sd 9
connection_get(9): got connid=7
connection_read(9): checking for input on id=7
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
ber_get_next
do_unbind
ber_get_next on fd 9 failed errno=0 (No error)
connection_closing: readying conn=7 sd=9 for close
connection_close: deferring conn=7 sd=9
connection_resched: attempting closing conn=7 sd=9
connection_close: conn=7 sd=9
-------------------------------------------
The policy.ldif:

dn: ou=pwdpolicies,dc=zes_example,dc=com
ou: pwdpolicies
description: All password Policies
objectClass: organizationalUnit

# Default Password Policy
dn: cn=default,ou=pwdpolicies,dc=zes_example,dc=com
objectClass: pwdPolicy
cn: default
pwdAllowUserChange: TRUE
pwdExpireWarning: 259200
pwdFailureCountInterval: 100
pwdGraceAuthNLimit: 0
pwdInHistory: 3
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdMaxFailure: 5
pwdMaxAge: 77760000
pwdMinLength: 6

#
# Short-lived Password Policy (to be used for testing purposes - 1-day pwd live)
#
dn: cn=short_lived,ou=pwdpolicies,dc=example,dc=com
objectClass: pwdPolicy
cn: short_lived
pwdMaxAge: 86400
pwdInHistory: 3
pwdMaxFailure: 5
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdGraceAuthNLimit: 0
pwdFailureCountInterval: 0
pwdMinLength: 6
pwdAllowUserChange: TRUE
The directives in my slapd.conf are:

...
include /etc/openldap/schema/ppolicy.schema
...
(not sure if I need the next line)
moduleload ppolicy.la

# invokes password policies for this DIT only
overlay ppolicy
# Default ppolicy
ppolicy_default "cn=default,ou=pwdpolicies,dc=zes_example,dc=com"
# Some ppolicy directives
ppolicy_use_lockout
------------------------------------------------------------------------------
Gisella Saavedra
Sr. Software Engineer
gsaavedra@zebra.com
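An added diagnostic, written here as an illustration and not taken from the post above or from OpenLDAP's own tooling. In OpenLDAP's ppolicy.schema the pwdPolicy class is declared AUXILIARY (SUP top) and lists pwdAttribute as a MUST attribute, so an entry whose only object class is pwdPolicy has no structural class to carry the entry, which is exactly what slapd reports as objectClassViolation (65) "no structural object class provided". The script below parses a minimal LDIF, checks each entry for at least one STRUCTURAL class and for every MUST attribute, and runs over a constructed sample that reproduces the failing entry next to a repaired copy carrying device as its structural class and pwdAttribute: userPassword. The function names parse_ldif, check_entry and lint_ldif are my own; the OBJECT_CLASSES table is a hand-entered subset of core.schema and ppolicy.schema, not a schema parser, so extend it before trusting it on other entries.

```python
"""Lint an LDIF file for entries slapd would reject with
objectClassViolation (65). Illustrative script, not part of OpenLDAP."""

import re

# (kind, MUST attributes) per object class. Hand-entered subset of
# OpenLDAP 2.3 core.schema / ppolicy.schema; assumption: extend as needed.
OBJECT_CLASSES = {
    "top": ("ABSTRACT", ()),
    "organizationalunit": ("STRUCTURAL", ("ou",)),
    "organizationalrole": ("STRUCTURAL", ("cn",)),
    "device": ("STRUCTURAL", ("cn",)),
    "person": ("STRUCTURAL", ("sn", "cn")),
    "pwdpolicy": ("AUXILIARY", ("pwdattribute",)),
}


def parse_ldif(text):
    """Minimal LDIF reader: entries separated by blank lines, '#' comment
    lines, 'attr: value' lines and ' '-continued folded lines. Returns a
    list of (dn, {attr_lower: [values]}). Base64 ('::') is not decoded."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = []
        for raw in block.splitlines():
            if raw.startswith("#"):
                continue
            if raw.startswith(" ") and lines:  # folded continuation line
                lines[-1] += raw[1:]
            else:
                lines.append(raw)
        dn, attrs = None, {}
        for line in lines:
            if ":" not in line:
                continue
            name, _, value = line.partition(":")
            name = name.strip().lower()
            value = value.lstrip(": ").strip()  # also drops a '::' marker
            if name == "dn":
                dn = value
            else:
                attrs.setdefault(name, []).append(value)
        if dn is not None:
            entries.append((dn, attrs))
    return entries


def check_entry(dn, attrs):
    """Return the problems that would make slapd refuse this entry."""
    problems = []
    classes = [c.lower() for c in attrs.get("objectclass", [])]
    unknown = [c for c in classes if c not in OBJECT_CLASSES]
    if unknown:
        problems.append("unknown object class(es): " + ", ".join(unknown))
    if not any(OBJECT_CLASSES.get(c, ("", ()))[0] == "STRUCTURAL" for c in classes):
        problems.append("no structural object class provided")
    for c in classes:
        for must in OBJECT_CLASSES.get(c, ("", ()))[1]:
            if must not in attrs:
                problems.append("object class '%s' requires attribute '%s'" % (c, must))
    return problems


def lint_ldif(text):
    """Map each DN to its problem list; an empty list means it would load."""
    return {dn: check_entry(dn, attrs) for dn, attrs in parse_ldif(text)}


# Constructed sample: the posted entry (trimmed) beside a repaired copy.
SAMPLE_LDIF = """\
dn: ou=pwdpolicies,dc=zes_example,dc=com
ou: pwdpolicies
description: All password Policies
objectClass: organizationalUnit

# Default Password Policy, as posted: pwdPolicy is AUXILIARY only
dn: cn=default,ou=pwdpolicies,dc=zes_example,dc=com
objectClass: pwdPolicy
cn: default
pwdAllowUserChange: TRUE
pwdMaxFailure: 5
pwdMinLength: 6

# Repaired copy: structural class added, required pwdAttribute supplied
dn: cn=default2,ou=pwdpolicies,dc=zes_example,dc=com
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: default2
pwdAttribute: userPassword
pwdAllowUserChange: TRUE
pwdMaxFailure: 5
pwdMinLength: 6
"""

if __name__ == "__main__":
    for dn, problems in lint_ldif(SAMPLE_LDIF).items():
        print(dn, "->", problems or "ok")
```

Run against the sample, the posted cn=default entry is reported with both "no structural object class provided" and the missing pwdattribute, while the organizationalUnit entry and the repaired cn=default2 entry come back clean; the same two fixes (a structural class such as device, organizationalRole or person, plus pwdAttribute: userPassword) apply to the cn=short_lived entry in the file.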