I read the entry in Chapter 6
http://www.zytrax.com/books/ldap/ch6/ppolicy.html#examples
regarding setting the Password Policy Control.
I have installed OpenLDAP through Cygwin. OpenLDAP is version 2.3.43
I created my db and included the Password Policy control schema, but I am getting the following error when I try to load my default and user policies:
$ ldapadd -H ldap://localhost:666 -x -D "cn=Manager,dc=zes_example,dc=com" -w secret -f /etc/openldap/data/ppolicy.ldif
adding new entry "ou=pwdpolicies,dc=zes_example,dc=com"
adding new entry "cn=default,ou=pwdpolicies,dc=zes_example,dc=com"
ldapadd: Object class violation (65)
additional info: no structural object class provided
Any idea? Do I need to add the password policy (ldif file) before I give the directive in slapd.conf?
-----------------------------------------
The policy.ldif:
dn: ou=pwdpolicies,dc=zes_example,dc=com
ou: pwdpolicies
description: All password Policies
objectclass: organizationalunit

# Default Password Policy
dn: cn=default,ou=pwdpolicies,dc=zes_example,dc=com
objectClass: pwdPolicy
cn: default
# User can change his/her password
pwdAllowUserChange: TRUE
# Return warning to bind attempt (seconds) -- 3 days
pwdExpireWarning: 259200
# Interval in seconds to reset failure pwd count
pwdFailureCountInterval: 100
# Do not allow to bind on expired passwords
pwdGraceAuthNLimit: 0
# Reject any password changes in this list
pwdInHistory: 3
# Lock out account when user tries more than x attempts using invalid password
pwdLockout: TRUE
# Do not allow the system to unlock the account
pwdLockoutDuration: 0
# Consecutive # of failure attempts
pwdMaxFailure: 5
# How long the password lasts before user has to change it (seconds) -- 90 days
pwdMaxAge: 7776000
# Password length
pwdMinLength: 6
The commands in my slapd.conf are:
…
include /etc/openldap/schema/ppolicy.schema
… (not sure if I need the next line)
moduleload ppolicy.la
# invokes password policies for this DIT only
overlay ppolicy
# Default ppolicy
ppolicy_default "cn=default,ou=pwdpolicies,dc=zes_example,dc=com"
# Some ppolicy directives
ppolicy_use_lockout
Gisella Saavedra
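
A pre-flight check for the rejection shown above, as an added example that is not part of the original post: it parses LDIF and lists entries whose object classes are all known and none is structural, which is the condition slapd reports as "no structural object class provided". The class table is a hand-copied subset of OpenLDAP's core.schema and ppolicy.schema; the names parse_ldif and missing_structural, the cn=repaired entry and its use of device are assumptions made for illustration.

```python
# Kinds as declared in core.schema / ppolicy.schema (hand-copied subset).
CLASS_KIND = {
    "top": "ABSTRACT", "organizationalunit": "STRUCTURAL",
    "person": "STRUCTURAL", "device": "STRUCTURAL", "pwdpolicy": "AUXILIARY",
}

def parse_ldif(text):
    """Return [(dn, [objectClass values])]; plain (non-base64) values only."""
    lines, in_comment = [], False
    for raw in text.splitlines():
        if raw.startswith(" "):            # continuation of the previous line
            if not in_comment and lines:
                lines[-1] += raw[1:]
        else:
            in_comment = raw.startswith("#")
            if not in_comment:
                lines.append(raw)
    entries, dn, classes = [], None, []
    for line in lines + [""]:              # trailing "" flushes the last entry
        attr, _, value = line.partition(":")
        if not line.strip():               # blank line ends an entry
            if dn is not None:
                entries.append((dn, classes))
            dn, classes = None, []
        elif attr.lower() == "dn":
            dn = value.strip()
        elif attr.lower() == "objectclass":
            classes.append(value.strip())
    return entries

def missing_structural(text):
    """DNs whose listed classes are all known and none is STRUCTURAL."""
    return [dn for dn, classes in parse_ldif(text)
            if not {CLASS_KIND.get(c.lower(), "UNKNOWN") for c in classes}
            & {"STRUCTURAL", "UNKNOWN"}]

# Constructed sample: the post's policy entry, then one possible repair.
# "device" is an assumed choice; pwdPolicy itself requires pwdAttribute.
SAMPLE = """\
dn: cn=default,ou=pwdpolicies,dc=zes_example,dc=com
objectClass: pwdPolicy
cn: default

dn: cn=repaired,ou=pwdpolicies,dc=zes_example,dc=com
objectClass: device
objectClass: pwdPolicy
cn: repaired
pwdAttribute: userPassword
"""
```

Calling missing_structural(SAMPLE) returns only the cn=default DN; entries that use a class missing from the table are left unflagged rather than guessed at.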