Michael Ströder wrote:
The first question is whether you need password policy enabled. If yes, then see man page slapo-ppolicy(5). If no, then turn it off in the LDAP client in question (which one?). If that's pam_ldap then watch out for the configuration in the accompanying ldap.conf file.
Error when adding the default policy to the LDAP database:

# ldap:/etc/ldap# /etc/init.d/slapd stop
Stopping OpenLDAP: slapd.

# ldap:/etc/ldap# slapadd -l /tmp/polici.txt
The first database does not allow slapadd; using the first available one (2)
str2entry: invalid value for attributeType objectClass #0 (syntax 1.3.6.1.4.1.1466.115.121.1.38)
slapadd: could not parse entry (line=1)

ldap:/etc/ldap# cat /tmp/polici.txt
dn: cn=default,ou=Policies,dc=xxxx,dc=com,dc=br
cn: default
objectClass: pwdPolicy
objectClass: person
objectClass: top
pwdAllowUserChange: TRUE
pwdAttribute: userPassword
pwdCheckQuality: 2
pwdExpireWarning: 600
pwdFailureCountInterval: 30
pwdGraceAuthNLimit: 5
pwdInHistory: 5
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdMaxAge: 0
pwdMaxFailure: 5
pwdMinAge: 0
pwdMinLength: 5
pwdMustChange: FALSE
pwdSafeModify: FALSE
sn: dummy value

Any ideas?