Rick Stevens wrote:
Ralf Haferkamp wrote:
On Freitag, 11. April 2008, Rick Stevens wrote:
Howard Chu wrote:
Chris G. Sellers wrote:
Rick,
try
ldapsearch -{normal stuff here} cn=<value> '*' '+'
And then man ldapsearch and read the 'operational' section of the manpage (near the top)
On Apr 10, 2008, at 6:35 AM, Gavin Henry wrote:
Rick Stevens wrote: > I've got a question regarding the ppolicy overlay. I've read > the docs I > can find for it on the web, but there's a couple of holes in > them and in > my knowledge. > I've got the config set up (schema, module load, external check > library) > and such. I've got the default policy DN in the database and > such. From slapd.conf: > overlay ppolicy > ppolicy_default \ > "cn=DefaultPassword,ou=Policies,dc=billing,dc=com" > ppolicy_use_lockout > ppolicy_hash_cleartext
If the above extract from slapd.conf was quoted exactly, then it is wrong. Read the slapd.conf(5) manpage.
The "ppolicy_default" stuff is on one line. I reformatted it for my mail client.
The indentation is the problem. The slapd.conf(5) manpage states this:
"If a line begins with white space, it is considered a continuation of the previous line."
All the ppolicy statements have to be on separate lines as they are separate config options.
Oh. The example code showed indentations, I believe. I'll reformat and give it a whirl.
I really do appreciate the help. I'll keep the list posted.
As I promised, here's an update:
It was indeed the syntax of the slapd.conf. The indentations were the culprit. I'm a bit surprised that neither the slapd parser nor slaptest caught it. Ah, well.
The inability to specify the pwdCheckModule attribute for the policy also caused me grief until I realized that I had to include "objectClass: pwdPolicyChecker" to my policies. I don't recall seeing that in my google searches, but I'm a bit punch drunk from this whole thing.
Just wanted to extend my immense gratitude to all the help I've received on the list. As they'd say in 1920's Chicago, "Youse mugs is great!" ---------------------------------------------------------------------- - Rick Stevens, Unix Geek rps2@socal.rr.com - - - - I'm afraid my karma just ran over your dogma - ----------------------------------------------------------------------