Oracle OpenLDAP PPolicy ppolicy and the hierarchy

In Use: Oracle OpenLDAP 2.4.30, I cannot change to the OpenLDAP version that one can compile. Problem: I have the module and overlay in the conf files and slaptest says it's fine. Both files are from Openldap.org version 2.4.37But how do I test it?

I have created unix shell scripts to do actions like add, delete, modify, view, etc. I can share these if requested.

But I am unsure on the lock, unlock, policy stuff.

Also, How should the OpenLDAP hierarchy look?

Here's mine:

dn: dc=bozo_company,dc=com ou: com objectClass: dcObject objectClass: organizationalUnit objectClass: top dc: bozo_company userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

dn: cn=Directory Administrators,dc=bozo_company,dc=com objectClass: top objectClass: groupOfUniqueNames cn: Directory Administrators uniqueMember: cn=clownadmin,ou=Special Users,dc=bozo_company,dc=com uniqueMember: cn=david.barr,ou=People,dc=bozo_company,dc=com

dn: ou=Groups,dc=bozo_company,dc=com objectClass: top objectClass: organizationalUnit ou: Groups

dn: ou=People,dc=bozo_company,dc=com objectClass: top objectClass: organizationalUnit ou: People

dn: ou=Special Users,dc=bozo_company,dc=com objectClass: top objectClass: organizationalUnit ou: Special Users description: Special Administrative Accounts

dn: cn=Accounting Managers,ou=groups,dc=bozo_company,dc=com objectClass: top objectClass: groupOfUniqueNames cn: Accounting Managers ou: groups description: People who can manage accounting entries uniqueMember: cn=clownadmin,ou=Special Users,dc=bozo_company,dc=com uniqueMember: uid=Replica,ou=People,dc=bozo_company,dc=com uniqueMember: cn=david.barr,ou=People,dc=bozo_company,dc=com

dn: cn=HR Managers,ou=groups,dc=bozo_company,dc=com objectClass: top objectClass: groupOfUniqueNames cn: HR Managers ou: groups description: People who can manage HR entries uniqueMember: cn=clownadmin,ou=Special Users,dc=bozo_company,dc=com uniqueMember: cn=david.barr,ou=People,dc=bozo_company,dc=com

dn: cn=QA Managers,ou=groups,dc=bozo_company,dc=com objectClass: top objectClass: groupOfUniqueNames cn: QA Managers ou: groups description: People who can manage QA entries uniqueMember: cn=clownadmin,ou=Special Users,dc=bozo_company,dc=com uniqueMember: cn=david.barr,ou=People,dc=bozo_company,dc=com

dn: cn=PD Managers,ou=groups,dc=bozo_company,dc=com objectClass: top objectClass: groupOfUniqueNames cn: PD Managers ou: groups description: People who can manage engineer entries uniqueMember: cn=clownadmin,ou=Special Users,dc=bozo_company,dc=com uniqueMember: cn=david.barr,ou=People,dc=bozo_company,dc=com

dn: ou=Services,dc=bozo_company,dc=com ou: Services objectClass: top objectClass: organizationalUnit

dn: ou=DML,ou=Services,dc=bozo_company,dc=com ou: DML objectClass: top objectClass: organizationalUnit

dn: ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com ou: 1.0 objectClass: top objectClass: organizationalUnit

dn: ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com ou: UserForm objectClass: top objectClass: organizationalUnit

dn: ou=Configuration,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com ou: Configuration objectClass: top objectClass: organizationalUnit

dn: cn=Configuration:#ID#Configuration:SystemConfiguration,ou=Configuration,ou=1 .0,ou=DML,ou=Services,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: Configuration:#ID#Configuration:SystemConfiguration

dn: cn=Configuration:#ID#Configuration:CustomRoles,ou=Configuration,ou=1.0,ou=DM L,ou=Services,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: Configuration:#ID#Configuration:CustomRoles

dn: cn=Configuration:#ID#Configuration:DmlManagedDirectory,ou=Configuration,ou=1 .0,ou=DML,ou=Services,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: Configuration:#ID#Configuration:DmlManagedDirectory

dn: cn=UserForm:#ID#UserForm:DefaultUserForm,ou=UserForm,ou=1.0,ou=DML,ou=Servic es,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultUserForm

dn: cn=UserForm:#ID#UserForm:DefaultNtUserForm,ou=UserForm,ou=1.0,ou=DML,ou=Serv ices,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultNtUserForm

dn: cn=UserForm:#ID#UserForm:DefaultHomeForm,ou=UserForm,ou=1.0,ou=DML,ou=Servic es,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultHomeForm

dn: cn=UserForm:#ID#UserForm:DefaultDMLObjectForm,ou=UserForm,ou=1.0,ou=DML,ou=S ervices,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultDMLObjectForm

dn: cn=UserForm:#ID#UserForm:DefaultCreateForm,ou=UserForm,ou=1.0,ou=DML,ou=Serv ices,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultCreateForm

dn: cn=UserForm:#ID#UserForm:DefaultObjectClassSelectionForm,ou=UserForm,ou=1.0, ou=DML,ou=Services,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultObjectClassSelectionForm

dn: cn=UserForm:#ID#UserForm:DefaultDisplayComponentFields,ou=UserForm,ou=1.0,ou =DML,ou=Services,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultDisplayComponentFields

dn: cn=UserForm:#ID#UserForm:DefaultEditFieldForm,ou=UserForm,ou=1.0,ou=DML,ou=S ervices,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultEditFieldForm

dn: cn=UserForm:#ID#UserForm:DefaultListFormsForm,ou=UserForm,ou=1.0,ou=DML,ou=S ervices,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultListFormsForm

dn: cn=UserForm:#ID#UserForm:DefaultEditFormForm,ou=UserForm,ou=1.0,ou=DML,ou=Se rvices,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultEditFormForm

dn: cn=UserForm:#ID#UserForm:DefaultGroupForm,ou=UserForm,ou=1.0,ou=DML,ou=Servi ces,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultGroupForm

dn: cn=UserForm:#ID#UserForm:DefaultFindLibrary,ou=UserForm,ou=1.0,ou=DML,ou=Ser vices,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultFindLibrary

dn: cn=UserForm:#ID#UserForm:DefaultGroupFilterForm,ou=UserForm,ou=1.0,ou=DML,ou =Services,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultGroupFilterForm

dn: cn=UserForm:#ID#UserForm:DefaultOuForm,ou=UserForm,ou=1.0,ou=DML,ou=Services ,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultOuForm

dn: cn=UserForm:#ID#UserForm:DefaultDomainForm,ou=UserForm,ou=1.0,ou=DML,ou=Serv ices,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultDomainForm

dn: cn=UserForm:#ID#UserForm:DefaultLocalityForm,ou=UserForm,ou=1.0,ou=DML,ou=Se rvices,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultLocalityForm

dn: cn=UserForm:#ID#UserForm:DefaultFindForm,ou=UserForm,ou=1.0,ou=DML,ou=Servic es,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultFindForm

dn: cn=UserForm:#ID#UserForm:DefaultSearchConfigForm,ou=UserForm,ou=1.0,ou=DML,o u=Services,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultSearchConfigForm

dn: cn=Configuration:#ID#Configuration:DefaultSearchOptions,ou=Configuration,ou= 1.0,ou=DML,ou=Services,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: Configuration:#ID#Configuration:DefaultSearchOptions

dn: cn=UserForm:#ID#UserForm:DefaultCOSTemplateForm,ou=UserForm,ou=1.0,ou=DML,ou =Services,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultCOSTemplateForm

dn: cn=UserForm:#ID#UserForm:DefaultExtensionsEditForm,ou=UserForm,ou=1.0,ou=DML ,ou=Services,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultExtensionsEditForm

dn: cn=UserForm:#ID#UserForm:DefaultManagedDirectoryForm,ou=UserForm,ou=1.0,ou=D ML,ou=Services,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultManagedDirectoryForm

dn: cn=UserForm:#ID#UserForm:DefaultOrganizationPickerForm,ou=UserForm,ou=1.0,ou =DML,ou=Services,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultOrganizationPickerForm

dn: cn=UserForm:#ID#UserForm:DefaultListNamingAttributesForm,ou=UserForm,ou=1.0, ou=DML,ou=Services,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultListNamingAttributesForm

dn: cn=UserForm:#ID#UserForm:DefaultNamingAttributeForm,ou=UserForm,ou=1.0,ou=DM L,ou=Services,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultNamingAttributeForm

dn: cn=UserForm:#ID#UserForm:DefaultRolesForm,ou=UserForm,ou=1.0,ou=DML,ou=Servi ces,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultRolesForm

dn: cn=UserForm:#ID#UserForm:DefaultRoleForm,ou=UserForm,ou=1.0,ou=DML,ou=Servic es,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultRoleForm

dn: cn=UserForm:#ID#UserForm:DefaultDeleteForm,ou=UserForm,ou=1.0,ou=DML,ou=Serv ices,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultDeleteForm

dn: cn=UserForm:#ID#UserForm:DefaultDeleteGeneralPurposeForm,ou=UserForm,ou=1.0, ou=DML,ou=Services,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultDeleteGeneralPurposeForm

dn: cn=UserForm:#ID#UserForm:DefaultEnableForm,ou=UserForm,ou=1.0,ou=DML,ou=Serv ices,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultEnableForm

dn: cn=UserForm:#ID#UserForm:DefaultDisableForm,ou=UserForm,ou=1.0,ou=DML,ou=Ser vices,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultDisableForm

dn: cn=UserForm:#ID#UserForm:DefaultRenameForm,ou=UserForm,ou=1.0,ou=DML,ou=Serv ices,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultRenameForm

dn: cn=UserForm:#ID#UserForm:DefaultConfigBackupRestoreForm,ou=UserForm,ou=1.0,o u=DML,ou=Services,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultConfigBackupRestoreForm

dn: cn=UserForm:#ID#UserForm:DefaultBrowseForm,ou=UserForm,ou=1.0,ou=DML,ou=Serv ices,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultBrowseForm

dn: cn=Configuration:#ID#Configuration:ComponentProperties,ou=Configuration,ou=1 .0,ou=DML,ou=Services,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: Configuration:#ID#Configuration:ComponentProperties

dn: cn=Configuration:#ID#Configuration:DefaultFormConfiguration,ou=Configuration ,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: Configuration:#ID#Configuration:DefaultFormConfiguration

dn: cn=Configuration:#ID#Configuration:DefaultRoles,ou=Configuration,ou=1.0,ou=D ML,ou=Services,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: Configuration:#ID#Configuration:DefaultRoles

dn: cn=Configuration:#ID#Configuration:DefaultCapabilities,ou=Configuration,ou=1 .0,ou=DML,ou=Services,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: Configuration:#ID#Configuration:DefaultCapabilities

dn: cn=Configuration:#ID#Configuration:DefaultNamingAttributesConfiguration,ou=C onfiguration,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: Configuration:#ID#Configuration:DefaultNamingAttributesConfiguration

dn: cn=UserForm:#ID#UserForm:DefaultEditPasswordForm,ou=UserForm,ou=1.0,ou=DML,o u=Services,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:DefaultEditPasswordForm

dn: cn=Configuration:#ID#Configuration:WPSearchOptions,ou=Configuration,ou=1.0,o u=DML,ou=Services,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: Configuration:#ID#Configuration:WPSearchOptions

dn: cn=UserForm:#ID#UserForm:WPSearchLibrary,ou=UserForm,ou=1.0,ou=DML,ou=Servic es,dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:WPSearchLibrary

dn: cn=UserForm:#ID#UserForm:WPSearchForm,ou=UserForm,ou=1.0,ou=DML,ou=Services, dc=bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:WPSearchForm

dn: cn=UserForm:#ID#UserForm:WPViewForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc =bozo_company,dc=com objectClass: top objectClass: applicationProcess description:: cn: UserForm:#ID#UserForm:WPViewForm

dn: cn=clownadmin,ou=Special Users,dc=bozo_company,dc=com sn: clownadmin ou: People ou: Special Users cn: clownadmin objectClass: top objectClass: person objectClass: organizationalPerson userPassword: {SHA}ZC/bQou6tU8wl3TJ6dCoSasxgVA=

dn: uid=Replica,ou=People,dc=bozo_company,dc=com uid: Replica cn: Replica objectClass: account objectClass: posixAccount objectClass: top objectClass: shadowAccount userPassword: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx shadowLastChange: 13761 shadowMax: 99999 shadowWarning: 7 loginShell: /bin/bash uidNumber: 22222 gidNumber: 100 homeDirectory: /tmp gecos: Replica userid for slave LDAP servers

dn: cn=david.m.barr,ou=People,dc=bozo_company,dc=com uid: david.m.barr sn: david.m.barr ou: People cn: david.m.barr objectClass: top objectClass: person objectClass: organizationalPerson objectClass: uidObject objectClass: pwdPolicyChecker objectClass: pwdPolicy pwdCheckModule:: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX pwdAttribute: userPassword userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

dn: cn=Test.user02,ou=People,dc=bozo_company,dc=com uid: Test.user02 sn: Test.user02 ou: People cn: Test.user02 objectClass: top objectClass: person objectClass: organizationalPerson objectClass: uidObject objectClass: pwdPolicyChecker objectClass: pwdPolicy pwdCheckModule:: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX pwdAttribute: userPassword pwdLockout: TRUE userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

dn: cn=Test.user04,ou=People,dc=bozo_company,dc=com uid: Test.user04 sn: Test.user04 ou: People cn: Test.user04 objectClass: top objectClass: person objectClass: organizationalPerson objectClass: uidObject userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

dn: ou=Policies,dc=bozo_company,dc=com objectClass: top objectClass: organizationalUnit ou: Policies

dn: cn=Password Policy,ou=Policies,dc=bozo_company,dc=com objectClass: top objectClass: pwdPolicy objectClass: person description: The default password policy pwdAllowUserChange: TRUE pwdAttribute: userPassword pwdCheckQuality: 2 pwdExpireWarning: 3600 pwdFailureCountInterval: 30 pwdGraceAuthNLimit: 5 pwdInHistory: 5 pwdLockout: TRUE pwdLockoutDuration: 0 pwdMaxAge: 5184000 pwdMaxFailure: 5 pwdMinAge: 3600 pwdMinLength: 5 pwdMustChange: TRUE pwdSafeModify: FALSE sn: Password Policy cn: Password Policy

dn: ou=Standard Policy,ou=Policies,dc=bozo_company,dc=com objectClass: top objectClass: organizationalUnit objectClass: pwdPolicy objectClass: pwdPolicyChecker ou: Standard Policy pwdAttribute: userPassword pwdCheckQuality: 2 pwdMaxFailure: 3 pwdMustChange: TRUE pwdSafeModify: TRUE pwdLockoutDuration: 0 pwdCheckModule: ou=Standard Policy,ou=Policies,dc=bozo_company,dc=com pwdAllowUserChange: TRUE description: Standard Password Policy pwdMaxAge: 7776002 pwdExpireWarning: 432000 pwdFailureCountInterval: 120 pwdMinLength: 14 pwdInHistory: 10 pwdGraceAuthNLimit: 0 pwdMinAge: 86400

dn: cn=accesslogname,dc=bozo_company,dc=com objectClass: top objectClass: person objectClass: organizationalPerson ou: accesslogname description: accesslog sn: accesslogname cn: accesslogname

dn: cn=john.d.doe,ou=People,dc=bozo_company,dc=com uid: john.d.doe sn: john.d.doe ou: People cn: john.d.doe objectClass: top objectClass: person objectClass: organizationalPerson objectClass: uidObject userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Anyone out there who can help?

-David dbc@usa.net

________________________________

CONFIDENTIALITY NOTICE: The information contained in this electronic mail (email) transmission (including attachments), is intended by MCLANE ADVANCED TECHNOLOGIES for the use of the named individual or entity to which it is addressed and may contain information that is privileged, confidential and/or protected as a trade secret. It is not intended for transmission to, or receipt by, any individual or entity other than the named addressee(s). If you have received this email in error, please delete it (including attachments) and any copies thereof without printing, copying or forwarding it, and notify the sender of the error by email reply immediately.