Apologies Quanah,

Yes - the first thing I did was to load the ppolicy schema.

Here is the full cn=module{0} from ldapsearch:

# module{0}, config
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib64/openldap
olcModuleLoad: {0}back_bdb
olcModuleLoad: {1}syncprov
olcModuleLoad: {2}ppolicy

Here is the contents of cn=module{0}.ldif

dn: cn=module{0}
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib64/openldap
olcModuleLoad: {0}back_bdb
olcModuleLoad: {1}syncprov

I don't have the initial error that I got when attempting to load the ppolicy module, but subsequent attempts yield this error:

add olcModuleLoad:

ppolicy
modifying entry "cn=module{0},cn=config"
ldap_modify: Type or value exists (20)
additional info: modify/add: olcModuleLoad: value #0 already exists

Then after (ill-advisedly) applying the ppolicy overlay, slapcat -n 0 yields the following:

5ede54b5 UNKNOWN attributeDescription "OLCPPOLICYDEFAULT" inserted.
5ede54b5 config error processing olcOverlay={1}ppolicy,olcDatabase={2}hdb,cn=config:
slapcat: bad configuration file!

Thank you,

John Alexander

On Mon, Jun 8, 2020 at 9:12 AM Quanah Gibson-Mount <quanah@symas.com> wrote:

--On Monday, June 8, 2020 9:55 AM -0700 John Alexander
<jalexander@concentricsky.com> wrote:

>
>
> Hi Quanah,
>
>
> I figured that was the problem, but after I ran the module load:
>
>
> dn: cn=module{0},cn=config
> changetype: modify
> add: olcModuleLoad
> olcModuleLoad: ppolicy
>
>
> I received errors. slapcat -n 0 | grep olcModuleLoad did not indicate
> that ppolicy was loaded. However ldapsearch indicated that it was
> loaded.

If you receive errors, you need to show what those errors are. You also
need to show what your *full* cn=module{0} entry looks like, and you've
never stated whether or not you've loaded the mandatory ppolicy schema.

Regards,
Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>