Hello,
I hope this is the place to send such questions. I'm having problems getting started with ppolicy.
I am trying to specify a specific ppolicy entry for users without using the slapd.conf default policy. Our OpenLDAP deployment environment in Red Hat uses version 2.3.33.
From what I have read (elsewhere since the manual is missing the ppolicy config info), I must first add a new policy of objectclass 'pwdPolicy' in the policy list. I have done that without problem. I must then indicate for the users that use that policy, the DN of the new policy in the field 'pwdPolicySubentry'.
My problem at this point is that I see no objectclass that contains this field. In reading the ppolicy.schema file I see that the type 'pwdPolicySubentry' is described there, but commented out. The odd thing though, is that even though it is commented out, I can see the type in my LDAP browser when I look for a list of types, and I see no description of it in the other .schema files.
I did read on someone's site that the user entry should be an objectclass of 'pwdPolicy' and then the 'pwdPolicySubentry' field can be entered, but in the ppolicy.schema document, 'pwdPolicySubentry' is not described in the list of fields for objectclass 'pwdPolicy'.
Do I have to edit the ppolicy.schema to get the overlay to work this way? I'm new to LDAP so perhaps I'm not understanding something basic.
Any help or suggestions would be very helpful.
-Todd Merrill
Your slapd.conf file should include a schema for password policy, something like
include /home/ldap/openldap/etc/openldap/schema/ppolicy.schema
Then, you should be able to use the pwdPolicy schema. You may want to read up on
man slapo_ppolicy (http://developer.apple.com/documentation/Darwin/Reference/ManPages/man5/slap... )
and the ppolicy.schema (http://www.opensource.apple.com/darwinsource/Current/OpenLDAP-106/OpenLDAP/s... )
You should have a copy of that schema in your LDAP distribution as well, so you can read the latest version on the hard drive of your server.
Sellers
On Apr 17, 2008, at 4:59 AM, Todd Merrill wrote:
> Hello,
> I hope this is the place to send such questions. I'm having problems getting started with ppolicy.
> I am trying to specify a specific ppolicy entry for users without using the slapd.conf default policy. Our OpenLDAP deployment environment in Red Hat uses version 2.3.33.
> From what I have read (elsewhere since the manual is missing the ppolicy config info), I must first add a new policy of objectclass 'pwdPolicy' in the policy list. I have done that without problem. I must then indicate for the users that use that policy, the DN of the new policy in the field 'pwdPolicySubentry'.
> My problem at this point is that I see no objectclass that contains this field. In reading the ppolicy.schema file I see that the type 'pwdPolicySubentry' is described there, but commented out. The odd thing though, is that even though it is commented out, I can see the type in my LDAP browser when I look for a list of types, and I see no description of it in the other .schema files.
> I did read on someone's site that the user entry should be an objectclass of 'pwdPolicy' and then the 'pwdPolicySubentry' field can be entered, but in the ppolicy.schema document, 'pwdPolicySubentry' is not described in the list of fields for objectclass 'pwdPolicy'.
> Do I have to edit the ppolicy.schema to get the overlay to work this way? I'm new to LDAP so perhaps I'm not understanding something basic.
> Any help or suggestions would be very helpful.
> -Todd Merrill
______________________________________________ Chris G. Sellers | NITLE - Technology Team 734.661.2318 | chris.sellers@nitle.org AIM: imthewherd | GoogleTalk: cgseller@gmail.com
Chris G. Sellers wrote:
> Your slapd.conf file should include a schema for password policy, something like
> include /home/ldap/openldap/etc/openldap/schema/ppolicy.schema
> Then, you should be able to use the pwdPolicy schema. You may want to read up on
> man slapo_ppolicy (http://developer.apple.com/documentation/Darwin/Reference/ManPages/man5/slap...)
> and the ppolicy.schema (http://www.opensource.apple.com/darwinsource/Current/OpenLDAP-106/OpenLDAP/s...)
Please read our own hosted documentation or whatever documentation and schemas are bundled with your version:
http://www.openldap.org/software/man.cgi?query=slapo-ppolicy&apropos=0&a...
openldap-software@openldap.org