Hi,
I am very new to OpenLDAP. I can run slapd and add and edit new entries. Now I want to implement pwdPolicy. I tried it several times. I would like to describe what I said.
1. Run slapd without modifying anything.
2. Create an ou=policies. The script is as follows:
dn: ou=policies,dc=my-domain,dc=com
objectClass: organizationalUnit
objectClass: top
ou: policies
3. Write policy.schema.
4. Include policy.schema; but the overlay is not added. Run slapd again. In core.schema, the attributetype userPassword was commented out.
5. Now I want to create policy.ldif. The script:
dn: cn=default,ou=policies,dc=my-domain,dc=com
cn: default
objectClass: pwdPolicy
objectClass: person
objectClass: top
pwdAllowUserChange: TRUE
pwdAttribute: userPassword
pwdCheckQuality: 2
pwdExpireWarning: 600
pwdFailureCountInterval: 30
pwdGraceAuthNLimit: 5
pwdInHistory: 5
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdMaxAge: 0
pwdMaxFailure: 5
pwdMinAge: 0
pwdMinLength: 5
pwdMustChange: FALSE
pwdSafeModify: FALSE
#sn: 'dummy value' objectClass: organizationalUnit
It gives an error: "Invalid syntax (21) pwdAttribute: value #0 invalid per syntax". Why does it give such an error? My assumption is that the ppolicy.schema attribute is not created successfully. Another point: in core.schema, the attributeType userPassword is commented out. If I uncomment it, slapd -d 1 gives a duplicate attribute type. Please give a solution.
Now my questions are:
a. How can I be sure that my PPolicy.schema is created? I don't have any ppolicy.la.
b. What does policy.la do?