Hi,
I installed OpenLDAP 2.4.40 on Ubuntu 12.04 LTS.
I enabled ppolicy while configuring the installation:
./configure --enable-hdb --enable-ppolicy --enable-syncprov --with-tls
I want to specify a password check module (to check for minimum upper cases, lower cases, digits, etc).
I created a password policy very similar to the one given in the documentation:
dn: cn=default,ou=policies,dc=example,dc=com
cn: default
objectClass: pwdPolicy
objectClass: person
objectClass: top
pwdAllowUserChange: TRUE
pwdAttribute: userPassword
pwdCheckModule: check_password.so
pwdExpireWarning: 600
pwdFailureCountInterval: 30
pwdLockout: TRUE
pwdLockoutDuration:
60
0
pwdMinAge: 0
pwdMustChange: FALSE
pwdSafeModify: FALSE
sn: dummy value
slapd.conf:
modulepath /usr/local/lib
moduleload check_password.so
While adding this password policy to LDAP, I get the error:
ldap_add: Object class violation (65)
attribute info: attribute 'pwdCheckModule' not allowed
The log level is 256 and doesn't say much besides giving the same error.
Let me know where I have gone wrong.
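
Added example, not part of the original post and not OpenLDAP code: a simplified Python re-implementation of the object class check that produces "Object class violation (65)", run over a trimmed copy of the entry above. In OpenLDAP's ppolicy schema, pwdCheckModule is permitted by the auxiliary class pwdPolicyChecker rather than by pwdPolicy, which is what the check reports. The SCHEMA table is a hand-copied subset, and the names parse_entry and check_entry are made up for this illustration.

```python
# Simplified subset of the core and ppolicy schema (names lower-cased).
SCHEMA = {
    "top": {"must": {"objectclass"}, "may": set()},
    "person": {"must": {"sn", "cn"},
               "may": {"userpassword", "telephonenumber", "seealso", "description"}},
    "pwdpolicy": {"must": {"pwdattribute"},
                  "may": {"pwdminage", "pwdmaxage", "pwdinhistory", "pwdcheckquality",
                          "pwdminlength", "pwdexpirewarning", "pwdgraceauthnlimit",
                          "pwdlockout", "pwdlockoutduration", "pwdmaxfailure",
                          "pwdfailurecountinterval", "pwdmustchange",
                          "pwdallowuserchange", "pwdsafemodify"}},
    "pwdpolicychecker": {"must": set(), "may": {"pwdcheckmodule"}},
}

# Trimmed copy of the entry from the post (sample input for this example).
ENTRY_FROM_POST = """\
dn: cn=default,ou=policies,dc=example,dc=com
cn: default
objectClass: pwdPolicy
objectClass: person
objectClass: top
pwdAttribute: userPassword
pwdCheckModule: check_password.so
pwdLockout: TRUE
sn: dummy value
"""

def parse_entry(ldif):
    """Parse one unfolded LDIF entry into {attribute: [values]}, dropping the dn."""
    attrs = {}
    for line in ldif.splitlines():
        if ":" in line:
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip(), []).append(value.strip())
    attrs.pop("dn", None)
    return attrs

def check_entry(attrs):
    """Return schema errors: every attribute must be allowed by a listed class."""
    classes = [v.lower() for k, vs in attrs.items() if k.lower() == "objectclass" for v in vs]
    errors = [f"unknown object class '{c}'" for c in classes if c not in SCHEMA]
    known = [SCHEMA[c] for c in classes if c in SCHEMA]
    must = set().union(*(k["must"] for k in known))
    allowed = must.union(*(k["may"] for k in known))
    errors += [f"attribute '{n}' not allowed" for n in attrs if n.lower() not in allowed]
    errors += [f"missing required attribute '{m}'"
               for m in sorted(must - {n.lower() for n in attrs})]
    return errors

if __name__ == "__main__":
    for ldif in (ENTRY_FROM_POST, ENTRY_FROM_POST + "objectClass: pwdPolicyChecker\n"):
        print(check_entry(parse_entry(ldif)))
```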