I read the entry in Chapter 6 http://www.zytrax.com/books/ldap/ch6/ppolicy.html#examples regarding setting the Password Policy Control.
I have installed OpenLDAP through Cygwin. OpenLDAP is version 2.3.43.
I created my db and included the Password Policy control schema, but I am getting the following error when I try to load my default and user policies:
$ ldapadd -H ldap://localhost:666 -x -D "cn=Manager,dc=zes_example,dc=com" -w secret -f /etc/openldap/data/ppolicy.ldif
adding new entry "ou=pwdpolicies,dc=zes_example,dc=com"

adding new entry "cn=default,ou=pwdpolicies,dc=zes_example,dc=com"
ldapadd: Object class violation (65)
        additional info: no structural object class provided
Any idea? Do I need to add the password policy (ldif file) before I give the directive in slapd.conf?
-----------------------------------------
The policy.ldif:

dn: ou=pwdpolicies,dc=zes_example,dc=com
ou: pwdpolicies
description: All password Policies
objectclass: organizationalunit

# Default Password Policy
dn: cn=default,ou=pwdpolicies,dc=zes_example,dc=com
objectClass: pwdPolicy
cn: default
# User can change his/her password
pwdAllowUserChange: TRUE
# Return warning to bind attempt (seconds) -- 3 days
pwdExpireWarning: 259200
# Interval in seconds to reset failure pwd count
pwdFailureCountInterval: 100
# Do not allow to bind on expired passwords
pwdGraceAuthNLimit: 0
# Reject any password changes in this list
pwdInHistory: 3
# Lock out account when user tries more than x attempts using invalid password
pwdLockout: TRUE
# Do not allow the system to unlock the account
pwdLockoutDuration: 0
# Consecutive # of failure attempts
pwdMaxFailure: 5
# How long the password lasts before user has to change it (seconds) -- 90 days
pwdMaxAge: 77760000
# Password length
pwdMinLength: 6

The commands in my slapd.conf are:

...
include /etc/openldap/schema/ppolicy.schema
...
(not sure if I need the next line)
loadmodule ppolicy.la

# invokes password policies for this DIT only
overlay ppolicy
# Default ppolicy
ppolicy_default "cn=default,ou=pwdpolicies,dc=zes_example,dc=com"
# Some ppolicy directives
ppolicy_use_lockout

Gisella Saavedra
Sr. Software Engineer
gsaavedra@zebra.com
1000 Broadway, Suite 150, Oakland, CA 94607 | T+1 510 267 5123 T Main+1 510 267 5000 F+1 510 267 5100 | http://www.zebra.com/zes
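
Added example, not part of the original message: a pre-flight check for an LDIF like the one above that flags entries with no structural object class, the condition reported as error 65 in the ldapadd output. The SCHEMA table is a hand-copied subset of core.schema and ppolicy.schema (where pwdPolicy is AUXILIARY and requires pwdAttribute), and FIXED shows one possible correction using the structural class device; both are assumptions, as are the function names.

```python
import re

# Assumption: subset of core.schema / ppolicy.schema: class -> (kind, MUST attrs).
SCHEMA = {
    "organizationalunit": ("STRUCTURAL", {"ou"}),
    "device": ("STRUCTURAL", {"cn"}),
    "pwdpolicy": ("AUXILIARY", {"pwdattribute"}),
}

def parse_ldif(text):
    """Yield (dn, attrs) per blank-line-separated entry; folded lines unsupported."""
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, value = line.split(":", 1)
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            yield attrs.pop("dn")[0], attrs

def check_entries(text):
    """Return {dn: [problems]} for entries that would fail schema checks."""
    report = {}
    for dn, attrs in parse_ldif(text):
        classes = [c.lower() for c in attrs.get("objectclass", [])]
        problems = [f"unknown object class {c}" for c in classes if c not in SCHEMA]
        known = [SCHEMA[c] for c in classes if c in SCHEMA]
        if not any(kind == "STRUCTURAL" for kind, _ in known):
            problems.append("no structural object class")
        for _, must in known:
            problems += [f"missing required attribute {a}" for a in sorted(must - set(attrs))]
        if problems:
            report[dn] = problems
    return report

# Constructed sample: the two entries from the post, policy attributes omitted.
POSTED = """\
dn: ou=pwdpolicies,dc=zes_example,dc=com
ou: pwdpolicies
objectclass: organizationalunit

dn: cn=default,ou=pwdpolicies,dc=zes_example,dc=com
objectClass: pwdPolicy
cn: default
"""
# Assumption: one possible correction (structural class device, pwdAttribute set).
FIXED = POSTED.replace("objectClass: pwdPolicy",
    "objectClass: device\nobjectClass: pwdPolicy\npwdAttribute: userPassword")
```

Running check_entries on the LDIF file before ldapadd reports the offending DN without touching the directory.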