So I'm still on this. Since I'm running cn=config rather than slapd.conf, I'm confused as to where to put the:
overlay ppolicy
I don't have a: database mdb
Here's my slapd.ldif that I loaded in (with the added olcModuleload you told me to add):
dn: cn=config objectClass: olcGlobal cn: config olcArgsFile: /var/lib/openldap/slapd.args olcPidFile: /var/lib/openldap/slapd.pid
dn: cn=schema,cn=config objectClass: olcSchemaConfig cn: schema
dn: cn=module,cn=config objectClass: olcModuleList cn: module olcModulepath: /usr/libexec/openldap olcModuleload: back_mdb.la olcModuleload ppolicy.so
# Include more schemas in addition to default core include: file:///etc/openldap/schema/core.ldif include: file:///etc/openldap/schema/cosine.ldif include: file:///etc/openldap/schema/nis.ldif include: file:///etc/openldap/schema/inetorgperson.ldif include: file:///etc/openldap/schema/sudo.ldif
dn: olcDatabase=frontend,cn=config objectClass: olcDatabaseConfig objectClass: olcFrontendConfig olcDatabase: frontend olcAccess: to dn.base="cn=Subschema" by * read olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none
dn: olcDatabase=config,cn=config objectClass: olcDatabaseConfig olcDatabase: config olcRootDN: cn=config olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none
So where would I put the: overlay ppolicy
Thanks, Eric
On Tue, Mar 7, 2023 at 12:21 PM Quanah Gibson-Mount quanah@fast-mail.org wrote:
--On Tuesday, March 7, 2023 12:16 PM -0700 Eric Fetzer eric.fetzer@gmail.com wrote:
I'm using 2.6.4. Sorry, brand new at this, how do I enable it? I don't see any references to it in the slapd.conf... I'm in the process of converting an ISDS db to OpenLDAP. Kind of daunting so far...
Generally speaking:
In the portion of your configuration loading module:
modulepath .... moduleload ppolicy.so
In the database section of your configuration where you want to apply password policies
database mdb ...
overlay ppolicy
Regards, Quanah