This is the passwordPolicy.ldif:

dn: ou=policies,dc=*****,dc=*****
objectClass: pwdPolicy
objectClass: person
objectClass: top
cn: policies
sn: policies
pwdAllowUserChange: TRUE
pwdAttribute: userPassword
pwdCheckQuality: 2
pwdExpireWarning: 3600
#pwdFailureCountInterval: 30
#pwdGraceAuthNLimit: 5
pwdInHistory: 10
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdMaxAge: 7776000
pwdMaxFailure: 5
pwdMinAge: 0
pwdMinLength: 8
pwdMustChange: FALSE
pwdSafeModify: FALSE

Thank you, Liz

From: Michael Ströder <michael@stroeder.com>
Date: Thursday, September 24, 2015 at 10:56 AM
To: Elizabeth Real Chavez <Elizabeth.Real@jpl.nasa.gov>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: Re: Allow users to change ldap password with passwd

Real, Elizabeth (392K) wrote:
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f passwordPolicy.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "ou=policies,dc=*****,dc=*****"
ldap_add: Object class violation (65)
additional info: attribute 'ou' not allowed

What does passwordPolicy.ldif look like? What's the set of object classes used?
Ciao, Michael.