Your slapd.conf file should include a schema for password policy,
something like:
include /home/ldap/openldap/etc/openldap/schema/ppolicy.schema
Then, you should be able to use the pwdPolicy schema. You may want to
read up on
man slapo_ppolicy
(http://developer.apple.com/documentation/Darwin/Reference/ManPages/man5/s...)
and the ppolicy.schema
(http://www.opensource.apple.com/darwinsource/Current/OpenLDAP-106/OpenLDA...)
You should have a copy of that schema in your LDAP distribution as
well, so you can read the latest version on your hard drive of your
server.
Sellers
On Apr 17, 2008, at 4:59 AM, Todd Merrill wrote:
Hello,
I hope this is the place to send such questions. I'm having problems
getting started with ppolicy.
I am trying to specify a specific ppolicy entry for users without
using the slapd.conf default policy. Our OpenLDAP deployment
environment in Red Hat uses version 2.3.33.
From what I have read (elsewhere since the manual is missing the
ppolicy config info), I must first add a new policy of objectclass
'pwdPolicy' in the policy list. I have done that without problem. I
must then indicate for the users that use that policy, the DN of the
new policy in the field 'pwdPolicySubentry'.
My problem at this point is that I see no objectclass that contains
this field. In reading the ppolicy.schema file I see that the type
'pwdPolicySubentry' is described there, but commented out. The odd
thing though, is that even though it is commented out, I can see the
type in my LDAP browser when I look for a list of types, and I see no
description of it in the other .schema files.
I did read on someone's site that the user entry should be an
objectclass of 'pwdPolicy' and then the 'pwdPolicySubentry' field can
be entered, but in the ppolicy.schema document, 'pwdPolicySubentry' is
not described in the list of fields for objectclass 'pwdPolicy'.
Do I have to edit the ppolicy.schema to get the overlay to work this
way? I'm new to LDAP so perhaps I'm not understanding something
basic.
Any help or suggestions would be very helpful.
-Todd Merrill
______________________________________________
Chris G. Sellers | NITLE - Technology Team
734.661.2318 | chris.sellers(a)nitle.org
AIM: imthewherd | GoogleTalk: cgseller(a)gmail.com
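
Added example, not part of the original thread and not taken from the OpenLDAP distribution: the two steps discussed above (a pwdPolicy entry, then a per-user pwdPolicySubentry pointing at it) written out as LDIF. pwdPolicySubentry is an operational attribute that the ppolicy overlay defines itself, so it is added directly to the user entry without any extra objectClass. The suffix dc=example,dc=com, the entry names and the policy values are constructed for illustration.

```ldif
# Assumed slapd.conf context (the schema path is the one quoted in the reply):
#   include  /home/ldap/openldap/etc/openldap/schema/ppolicy.schema
#   moduleload ppolicy.la      # only when the overlay is built as a module
#   database bdb
#   suffix   "dc=example,dc=com"
#   overlay  ppolicy           # must follow the database it applies to
#   # ppolicy_default is optional; entries without pwdPolicySubentry use it
#   ppolicy_default "cn=default,ou=policies,dc=example,dc=com"

# Step 1: the policy entry. pwdPolicy is an AUXILIARY class, so the entry
# also needs a structural class (device is used here).
dn: cn=strict,ou=policies,dc=example,dc=com
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: strict
pwdAttribute: userPassword
pwdMinLength: 12
pwdInHistory: 5
pwdMaxAge: 7776000
pwdLockout: TRUE
pwdMaxFailure: 5
pwdLockoutDuration: 900

# Step 2: point one user at that policy. Load with ldapmodify.
# No objectClass change is needed on the user entry.
dn: uid=jdoe,ou=people,dc=example,dc=com
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=strict,ou=policies,dc=example,dc=com

# To verify, request the attribute by name: operational attributes are
# not returned by a default search.
#   ldapsearch -x -b "dc=example,dc=com" "(uid=jdoe)" pwdPolicySubentry
```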