Ok, so
load the module, does it matter where in the slapd.conf file?
Is the format simply:
database mdb overlay ppolicy ppolicy_default "cn=default,ou=policies,dc=example,dc=com"
OR is it something like,
objectClass: olcModuleList cn: module{0} olcModuleLoad: ppolicy.la
THEN load it with ldapadd ? # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/ppmodule.ldif
Thank you, Liz
On 6/1/22, 11:45 AM, "Quanah Gibson-Mount" quanah@fast-mail.org wrote:
--On Wednesday, June 1, 2022 7:02 PM +0000 "Real Villafan, Elizabeth (US 392K)" elizabeth.real@jpl.nasa.gov wrote:
> > > > Hello, > > > I'm upgrading from openldap 2.4 running on RHEL7 up to 2.6.2 and RHEL8 on > new hardware, apparently the way to configure password policy now is by > configuring the slapd.conf file rather than loading the ppolicy schema. > How do I modify that file properly? I read > https://urldefense.us/v3/__https://www.openldap.org/doc/admin26/overlays.htm...
You always configured password policies by loading the module. The only change is that instead of having to combine both the schema file and the module, you only need the module.
> on section 12.10.2. Password Policy Configuration, what does it mean to > "Instantiate the module in the database"? do you have a sample slapd.conf > file I can refer to?
The same way you load any other overlay for use with a database.
database mdb ...
overlay ppolicy ...
--Quanah