Hi,
I got stuck with this problem. I'm able to change the user password using the shadowAccount objectClass, but I can't do the same using the pwdPolicy objectClass. I set the ppolicy attributes in order to get the password expired message:
pwdExpireWarning 10
pwdMaxAge 15
pwdMustChange TRUE
pwdAllowUserChange TRUE
pwdLockout TRUE
slapd.conf:
include /etc/openldap/schema/ppolicy.schema
moduleload ppolicy.la
access to attrs=userPassword
    by self write
    by users read
    by anonymous auth
access to *
    by * read
overlay ppolicy
ppolicy_default "cn=default,ou=policies,dc=sample,dc=com"
ppolicy_use_lockout
I really appreciate any help with this problem.
Thanks!
On 08/27/2012 05:19 PM, Andy Poirier wrote:
It looks like you have some conflicting arguments in your ldif, not sure if that matters. Is this a copy and paste ldif or did you have to type it by hand?
The ones that stand out are:
pwdMaxAge: 60
pwdMaxAge: 0 - means that passwords will not expire
pwdMinLenght: 5 - misspelled

-----Original Message-----
From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of cbulist
Sent: Monday, August 27, 2012 4:30 PM
To: openldap-technical@openldap.org
Subject: Configuring ppolicy problem
Hi,
I'm trying to configure ppolicy but it's not working when I set pwdMaxAge and pwdWarning (I am able to log in when my password is supposed to be expired). I tried with shadowAccount instead of PwdPolicy and it is working well.
This is my relevant setting in slapd.conf
include /etc/openldap/schema/ppolicy.schema
moduleload ppolicy.la
overlay ppolicy
ppolicy_default "cn=default,ou=policies,dc=sample,dc=com"
ppolicy_use_lockout
My ldif file is:
objectClass: organizationalUnit
objectClass: top
ou: policies

dn: cn=default,ou=policies,dc=sample,dc=com
objectClass: pwdPolicy
objectClass: person
objectClass: top
cn: default
pwdAttribute: userPassword
sn: dummy
pwdAllowUserChange: TRUE
pwdCheckQuality: 2
pwdExpireWarning: 50
pwdFailureCountInternal: 30
pwdGraceAuthNLimit: 5
pwdInHistory: 5
pwdLockout: FALSE
pwdLockDuration:0
pwdMaxAge: 60
pwdMaxAge: 0
pwdMaxFailure: 5
pwdMinAge: 0
pwdMinLenght: 5
pwdMustChange: FALSE
pwdSafeModify: FALSE

dn: cn=user1,ou=policies,dc=sample,dc=com
objectClass: pwdPolicy
objectClass: person
objectClass: top
objectClass: posixAccount
objectClass: pwdPolicy
objectClass: shadowAccount
cn: user1
pwdAttribute: userPassword
gidNumber: 501
homeDirectory: /home/user1
sn: test
uid: user1
uidNumber: 501
pwdAllowUserChange: TRUE
pwdAge: 20
pwdExpireWarning: 15
userPassword: XXXXX
Thanks in advance!
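
The checks raised in the reply above (a repeated pwdMaxAge, a pwdMaxAge of 0, misspelled attribute names) can be run over a policy entry before it is loaded. This is an added Python example, not part of the original thread or of OpenLDAP; the function names are hypothetical, the attribute list is assumed to match the ppolicy schema in use, and the sample is a subset of the entry posted above.

```python
import difflib
from collections import Counter

# pwdPolicy attributes in the ppolicy schema of this era, treated here as
# single-valued except pwdAttribute. Assumption: newer schemas may add more.
KNOWN = {a.lower(): a for a in (
    "pwdAttribute pwdMinAge pwdMaxAge pwdInHistory pwdCheckQuality pwdMinLength "
    "pwdExpireWarning pwdGraceAuthNLimit pwdLockout pwdLockoutDuration "
    "pwdMaxFailure pwdFailureCountInterval pwdMustChange pwdAllowUserChange "
    "pwdSafeModify").split()}

# Subset of the default policy entry posted in the thread, typos kept on purpose.
SAMPLE = """\
dn: cn=default,ou=policies,dc=sample,dc=com
objectClass: pwdPolicy
pwdAttribute: userPassword
pwdFailureCountInternal: 30
pwdLockDuration:0
pwdMaxAge: 60
pwdMaxAge: 0
pwdMinLenght: 5
"""

def parse_entry(ldif_text):
    """Return (attribute, value) pairs for one entry, unfolding continuation lines."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # LDIF folded line
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    return [tuple(s.strip() for s in l.split(":", 1)) for l in lines if ":" in l]

def lint_policy(ldif_text):
    """Return findings: unknown pwd* names, repeated single-valued ones, no expiry."""
    pairs, findings = parse_entry(ldif_text), []
    for attr, n in Counter(a for a, _ in pairs).items():
        if not attr.lower().startswith("pwd"):
            continue
        if attr.lower() not in KNOWN:
            guess = difflib.get_close_matches(attr, sorted(KNOWN.values()), n=1, cutoff=0.8)
            findings.append(f"unknown attribute {attr}" + (f" (did you mean {guess[0]}?)" if guess else ""))
        elif n > 1 and attr.lower() != "pwdattribute":
            findings.append(f"{KNOWN[attr.lower()]} appears {n} times but is single-valued")
    if any(a.lower() == "pwdmaxage" and v == "0" for a, v in pairs):
        findings.append("pwdMaxAge: 0 means passwords never expire")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_policy(SAMPLE)))
```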