2011/12/1 Fabian Heinz <fabian.heinz@xinfo.de>

Hi together,

 

I want to setup password policy in a small company.

 

We’re using openldap for a while without any pw constraints.

 

Now I got ppolicy working and pw update fails correctly on the defined constraints.

But I am not able to load the pwdCheckModule.

 

I implemented some basic function which should always fail, just to see it is working. But it seems not be loaded.

 

I compiled it as shared library with libtool and tried different locations with no result.

I even cannot find any logging information about that.

 

Can you give some tips where to find the loggings or how to increase them. At the moment I configured slapd.conf to loglevel  -1

And can only find logging in the syslog

 

 

Here my policy ldif

 

version: 1

DN: cn=default,ou=policies,dc=company,dc=com

objectClass: top

objectClass: device

objectClass: pwdPolicy

objectClass: pwdPolicyChecker

cn: default

pwdAllowUserChange: TRUE

pwdAttribute: userPassword

pwdCheckModule: libcheck_password.so

pwdCheckQuality: 1

pwdExpireWarning: 432000

pwdFailureCountInterval: 0

pwdGraceAuthNLimit: 0

pwdInHistory: 0

pwdLockout: TRUE

pwdLockoutDuration: 1920

pwdMaxAge: 7516800

pwdMaxFailure: 4

pwdMinLength: 8

pwdMustChange: TRUE

pwdSafeModify: FALSE

 

 

I tried to put the shared library to /usr/local/lib and /usr/lib/ldap

 

Both had not effect.


Hi,

try to configure modulepath directive with the path containing your module. By default, modules are searched in OPENLDAP_ROOT/libexec/openldap/


Clément.