I read the entry in Chapter 6
http://www.zytrax.com/books/ldap/ch6/ppolicy.html#examples
regarding setting the Password Policy Control.
I have installed OpenLDAP through Cygwin. OpenLDAP is version 2.3.43
I created my db and included the Password Policy control schema, but I am getting the following error when I try to load my default and user policies:
$ ldapadd -H ldap://localhost:666 -x -D "cn=Manager,dc=zes_example,dc=com" -w secret -f /etc/openldap/data/ppolicy.ldif
adding new entry "ou=pwdpolicies,dc=zes_example,dc=com"
adding new entry "cn=default,ou=pwdpolicies,dc=zes_example,dc=com"
ldapadd: Object class violation (65)
additional info: no structural object class provided
Any idea? Do I need to add the password policy (ldif file) before I give the directive in slapd.conf?
-----------------------------------------
The policy.ldif:
dn: ou=pwdpolicies,dc=zes_example,dc=com
ou: pwdpolicies
description: All password Policies
objectclass: organizationalunit
# Default Password Policy
dn: cn=default,ou=pwdpolicies,dc=zes_example,dc=com
objectClass: pwdPolicy
cn: default
# User can change his/her password
pwdAllowUserChange: TRUE
# Return warning to bind attempt (seconds) -- 3 days
pwdExpireWarning: 259200
# Interval in seconds to reset failure pwd count
pwdFailureCountInterval: 100
# Do not allow to bind on expired passwords
pwdGraceAuthNLimit: 0
# Reject any password changes in this list
pwdInHistory: 3
# Lock out account when user tries more than x attempts using invalid password
pwdLockout: TRUE
# Do not allow the system to unlock the account
pwdLockoutDuration: 0
# Consecutinve # of failure attempts
pwdMaxFailure: 5
# How long the password lasts before user has to change it (seconds) -- 90 days
pwdMaxAge: 77760000
# Password length
pwdMinLength: 6
The commands in my slapd.conf are:
…
include /etc/openldap/schema/ppolicy.schema
… (not usre if I need the next line)
loadmodule ppolicy.la
# invokes password policies for this DIT only
overlay ppolicy
# Default ppolicy
ppolicy_default "cn=default,ou=pwdpolicies,dc=zes_example,dc=com"
# Some ppolicy directives
ppolicy_use_lockout
Gisella Saavedra
Sr. Software Engineer
gsaavedra@zebra.com
1000 Broadway, Suite 150, Oakland, CA 94607 | T+1 510 267 5123 T Main+1 510 267 5000 F+1 510 267 5100 | http://www.zebra.com/zes
- CONFIDENTIAL-
This email and any files transmitted with it are confidential, and may also be legally privileged. If you are not the intended recipient, you may not review, use, copy, or distribute this message. If you receive this email in error, please notify the sender immediately by reply email and then delete this email.
--
Diego Lima