Hi,

I am very new to open ldap. I can run slap an add edit new entry. Now I want to implement pwdpolicy. I tried it several times. I like to describe what I said.

run slapd without modifying anything.
create an ou=policies. Script as following

dn: ou=policies,dc=my-domain,dc=com

objectClass: organizationalUnit

objectClass: top

ou: policies

write policy.schema.
include policy.schema; but overlay is not added. run slapd again. In the core.schema attributetype userpassword was comment out
Now I want to create policy.ldif. Script

dn: cn=default,ou=policies,dc=my-domain,dc=com

cn: default

objectClass: pwdPolicy

objectClass: person

objectClass: top

pwdAllowUserChange: TRUE

pwdAttribute: userPassword

pwdCheckQuality: 2

pwdExpireWarning: 600

pwdFailureCountInterval: 30

pwdGraceAuthNLimit: 5

pwdInHistory: 5

pwdLockout: TRUE

pwdLockoutDuration: 0

pwdMaxAge: 0

pwdMaxFailure: 5

pwdMinAge: 0

pwdMinLength: 5

pwdMustChange: FALSE

pwdSafeModify: FALSE

#sn: 'dummy value' objectClass: organizationalUnit

It gives an error “Invalid syntax (21) pwdAttribute: value #0 invalid per syntax. Why it gives such error? My assumption is ppolicy.schema attribute is not created successfully. Another point in core.schema attributeType; userPassword is comment out. If I uncomment it. slapd –d 1 gives an duplicate attribute type. Give a solution please.

Now my question is

a. how I am sure that my PPolicy.schema is created? I don’t have any ppolicy.la

b. what does do policy.la.