Thanks for the quick response! I'm using 2.3.27 because it was The Stable Release when I started this. I'll move to the latest stable release after I get ppolicy figured out.
I want dynamic modules, so I changed my enable-ppolicy to be "mod" --
env LIBS="-L/usr/bin" \
./configure \
--prefix=/usr/local \
--libdir=/usr/local/lib \
--sbindir=/usr/sbin \
--libexecdir=/usr/sbin \
--sysconfdir=/etc \
--localstatedir=/var/lib/ldap \
--enable-modules=yes \
--enable-ppolicy=mod && make depend && make
The make/install process displayed:
make[3]: Entering directory `/usr/local/src/openldap-2.3.27/servers/slapd/overlays'
../../../build/shtool install -c -m 755 .libs/ppolicy-2.3.so.0.2.15 /usr/sbin/openldap/ppolicy-2.3.so.0.2.15
(cd /usr/sbin/openldap && { ln -s -f ppolicy-2.3.so.0.2.15 ppolicy-2.3.so.0 || { rm -f ppolicy-2.3.so.0 && ln -s ppolicy-2.3.so.0.2.15 ppolicy-2.3.so.0; }; })
(cd /usr/sbin/openldap && { ln -s -f ppolicy-2.3.so.0.2.15 ppolicy.so || { rm -f ppolicy.so && ln -s ppolicy-2.3.so.0.2.15 ppolicy.so; }; })
../../../build/shtool install -c -m 755 .libs/ppolicy.lai /usr/sbin/openldap/ppolicy.la
PATH="$PATH:/sbin" ldconfig -n /usr/sbin/openldap
That looked like what I need. In /usr/sbin/openldap I now find:
lrwxrwxrwx 1 root root 21 Jan 22 14:51 ppolicy-2.3.so.0 -> ppolicy-2.3.so.0.2.15
-rwxr-xr-x 1 root root 85722 Jan 22 14:51 ppolicy-2.3.so.0.2.15
-rwxr-xr-x 1 root root 836 Jan 22 14:51 ppolicy.la
lrwxrwxrwx 1 root root 21 Jan 22 14:51 ppolicy.so -> ppolicy-2.3.so.0.2.15
In slapd.conf I set the module path:
modulepath /usr/sbin/openldap
moduleload ppolicy.la
<snip>
overlay ppolicy
ppolicy_default "cn=Standard Policy,ou=Policies,c=us"
ppolicy_hash_cleartext
ppolicy_use_lockout
Still I get:
[root openldap-2.3.27]# /etc/init.d/ldap start
Checking configuration files for : WARNING: No dynamic config support for overlay ppolicy.
config file testing succeeded
Starting slapd: FAILED
[root openldap-2.3.27]#
Shouldn't this work now?
I attach my slapd.conf, mostly vanilla in this version, and I've removed commented lines for your convenience. How's it look?
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/acs.schema
include /etc/openldap/schema/ppolicy.schema

pidfile /var/lib/ldap/run/slapd.pid
argsfile /var/lib/ldap/run/slapd.args

modulepath /usr/sbin/openldap
moduleload ppolicy.la

database bdb
suffix "c=US"
rootdn "cn=Manager, c=US"
rootpw secret

directory /var/lib/ldap/openldap-data

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
loglevel 256

overlay ppolicy

ppolicy_default "cn=Standard Policy,ou=Policies,c=us"
ppolicy_hash_cleartext
ppolicy_use_lockout
Thanks, Roger
-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@stanford.edu]
Sent: Monday, January 22, 2007 1:36 PM
To: Metcalf, Roger; openldap-software@openldap.org
Subject: Re: pesky ppolicy problems
--On Monday, January 22, 2007 1:08 PM -0500 "Metcalf, Roger" roger.metcalf@acs-inc.com wrote:
I am trying to use the ppolicy overlay. I've searched, read and experimented and can't get it to work. I've read other similar postings with similar problems but haven't found the one with the answer.
My OpenLDAP knowledge is intermediate.
I download 2.3.27, then build it:
Why 2.3.27? 2.3.32 is the current stable release.
Plus there have been fixes since 2.3.27:
OpenLDAP 2.3.30 Release (2006/11/14)
Fixed slapo-ppolicy external quality check (ITS#4741)

OpenLDAP 2.3.29 Release (2006/11/10)
Fixed slapo-ppolicy leaks (ITS#4665)

OpenLDAP 2.3.28 Release (2006/10/21)
Fixed slapo-ppolicy pwdChangedTime behavior (ITS#4692)
As for your questions:
Questions:
- Where is ppolicy.la located?
Well, if it's a dynamic module, then in $lib/openldap:
ldap00:/usr/local/lib/openldap> ls -l ppol*
lrwxrwxrwx 1 root root 21 Nov 13 22:38 ppolicy-2.3.so.0 -> ppolicy-2.3.so.0.2.16*
-rwxr-xr-x 1 root root 102169 Nov 8 21:49 ppolicy-2.3.so.0.2.16*
-rwxr-xr-x 1 root root 909 Nov 8 21:49 ppolicy.la*
lrwxrwxrwx 1 root root 21 Nov 13 22:38 ppolicy.so -> ppolicy-2.3.so.0.2.16*
- Does it need to be loaded?
Yes, if it is a dynamic module.
- Where is the path to it specified?
Via the "modulepath" directive in slapd.conf:
# Load dynamic backend modules:
modulepath /usr/local/lib/openldap
moduleload back_hdb.la
moduleload back_monitor.la
- When are moduleload specs needed?
Not sure what you mean here.
- Are env variables needed to find ppolicy.la?
No.
- What's the secret?
Reading the man pages and other documentation.
- When will the book be published?
Howard is currently working on writing it.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
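
An added example, not part of either message and not OpenLDAP code: a small lint for the kind of slapd.conf posted in this thread, checking that each overlay has an earlier moduleload, that ppolicy.schema is included before the ppolicy overlay, and that rootpw is not stored in cleartext. Assumptions: overlays are built as dynamic modules (--enable-ppolicy=mod), the sample file is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the slapd.conf quoted in this thread.
SAMPLE = """\
include /etc/openldap/schema/ppolicy.schema
modulepath /usr/sbin/openldap
moduleload ppolicy.la
database bdb
suffix "c=US"
rootdn "cn=Manager, c=US"
rootpw secret
overlay ppolicy
ppolicy_default "cn=Standard Policy,ou=Policies,c=us"
"""

def directives(text):
    """Yield (keyword, arguments) for each logical line of a slapd.conf."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues a line
        else:
            logical.append(raw.strip())
    for line in logical:
        parts = line.split(None, 1)
        yield (parts[0].lower(), parts[1] if len(parts) > 1 else "")

def lint(text):
    """Return findings; hypothetical helper, assumes overlays are built as modules."""
    findings, loaded, schemas = [], set(), set()
    for key, rest in directives(text):
        name = (rest.split() or [""])[0]
        if key == "include":
            schemas.add(name.rsplit("/", 1)[-1])
        elif key == "moduleload":
            loaded.add(re.sub(r"\.(la|so)$", "", name.rsplit("/", 1)[-1]))
        elif key == "overlay":
            if name not in loaded:
                findings.append(f"overlay {name}: no earlier moduleload for this module")
            if name == "ppolicy" and "ppolicy.schema" not in schemas:
                findings.append("overlay ppolicy: ppolicy.schema not included")
        elif key == "rootpw" and not re.match(r"\{[A-Za-z0-9-]+\}", name):
            findings.append("rootpw: cleartext value, use a slappasswd hash")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

On the constructed sample the only finding is the cleartext rootpw; the lint checks configuration hygiene and does not by itself explain a slapd startup failure.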