Hello,
How to enable 'pwdPolicySubentry' in ppolicy.schema, I added this into ppolicy.schema
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.23
NAME 'pwdPolicySubentry'
DESC 'The pwdPolicy subentry in effect for this object'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
USAGE directoryOperation )
But after that my slapd do not started.
bash-2.05# /usr/local/libexec/slapd -h ldaps:/// -d 259
@(#) $OpenLDAP: slapd 2.4.16 (May 23 2009 06:45:03) $
steve@solaris9:/bigdisk/SOURCES/S9/openldap-2.4.16/servers/slapd
ldap_pvt_gethostbyname_a: host=rtps, r=0
daemon_init: listen on ldaps:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldaps:///)
daemon: listener initialized ldaps:///
daemon_init: 2 listeners opened
ldap_create
slapd init: initiated server.
slap_sasl_init: initialized!
bdb_back_initialize: initialize BDB backend
bdb_back_initialize: Berkeley DB 4.7.25: (May 15, 2008)
hdb_back_initialize: initialize HDB backend
hdb_back_initialize: Berkeley DB 4.7.25: (May 15, 2008)
null_back_initialize: initialize null backend
slapd destroy: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.
bash-2.05#
should I upgrade openldap to the last ver ?
------------------------------------------------------------------------------- С уважением, Алексей Шалин
Системный Администратор Отдел системного администрирования
ЗАО "Межбанковский процессинговый центр" 720083, Кыргызская Республика г. Бишкек, ул. Ауэзова 1/2 тел.: +996 (312) 637738 (вн. 138) факс: +996 (312) 637748 e-mail: a.shalin@ipc.kg
Alexey Shalin wrote:
Hello,
How to enable 'pwdPolicySubentry' in ppolicy.schema, I added this into ppolicy.schema
Never modify the schema files distributed with OpenLDAP.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.23
NAME 'pwdPolicySubentry' DESC 'The pwdPolicy subentry in effect for this object' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE USAGE directoryOperation )
But after that my slapd do not started.
Of course.
Schema files are only for defining user attributes. Operational attributes must be implemented in code and cannot be defined from a schema config file.
This particular attribute is already implemented in the ppolicy overlay so there is no need to define it again anyway.
should I upgrade openldap to the last ver ?
That would make no difference here, but it's always best to stay up to date.
openldap-technical@openldap.org