Hello,
How do I enable 'pwdPolicySubentry' in ppolicy.schema? I added this to ppolicy.schema:
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.23
NAME 'pwdPolicySubentry'
DESC 'The pwdPolicy subentry in effect for this object'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
USAGE directoryOperation )
But after that my slapd does not start.
bash-2.05# /usr/local/libexec/slapd -h ldaps:/// -d 259
@(#) $OpenLDAP: slapd 2.4.16 (May 23 2009 06:45:03) $
steve@solaris9:/bigdisk/SOURCES/S9/openldap-2.4.16/servers/slapd
ldap_pvt_gethostbyname_a: host=rtps, r=0
daemon_init: listen on ldaps:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldaps:///)
daemon: listener initialized ldaps:///
daemon_init: 2 listeners opened
ldap_create
slapd init: initiated server.
slap_sasl_init: initialized!
bdb_back_initialize: initialize BDB backend
bdb_back_initialize: Berkeley DB 4.7.25: (May 15, 2008)
hdb_back_initialize: initialize HDB backend
hdb_back_initialize: Berkeley DB 4.7.25: (May 15, 2008)
null_back_initialize: initialize null backend
slapd destroy: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.
bash-2.05#
Should I upgrade OpenLDAP to the latest version?
-------------------------------------------------------------------------------
Best regards, Alexey Shalin
System Administrator, System Administration Department
CJSC "Interbank Processing Center", 720083, Kyrgyz Republic, Bishkek, Auezova St. 1/2
tel.: +996 (312) 637738 (ext. 138), fax: +996 (312) 637748, e-mail: a.shalin@ipc.kg
Alexey Shalin wrote:
> Hello,
> How do I enable 'pwdPolicySubentry' in ppolicy.schema? I added this to ppolicy.schema:
Never modify the schema files distributed with OpenLDAP.
> attributetype ( 1.3.6.1.4.1.42.2.27.8.1.23
> NAME 'pwdPolicySubentry'
> DESC 'The pwdPolicy subentry in effect for this object'
> EQUALITY distinguishedNameMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
> SINGLE-VALUE
> USAGE directoryOperation )
> But after that my slapd does not start.
Of course.
Schema files are only for defining user attributes. Operational attributes must be implemented in code and cannot be defined from a schema config file.
This particular attribute is already implemented in the ppolicy overlay so there is no need to define it again anyway.
> Should I upgrade OpenLDAP to the latest version?
That would make no difference here, but it's always best to stay up to date.
openldap-technical@openldap.org
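For reference, an added example that is not part of the thread or of the OpenLDAP distribution: because the ppolicy overlay already implements pwdPolicySubentry, the attribute is used by loading the overlay and writing the attribute on an entry, with ppolicy.schema left as shipped. The suffix dc=example,dc=com, the entries cn=default, cn=strict and uid=jdoe, and the schema path are assumptions.

```ldif
# Added example. Constructed names: dc=example,dc=com, cn=default, cn=strict, uid=jdoe.
#
# slapd.conf side, shown as comments (schema path assumes the /usr/local prefix):
#   include         /usr/local/etc/openldap/schema/ppolicy.schema
#   # ^ the distributed file, unmodified: no pwdPolicySubentry definition added
#   moduleload      ppolicy.la
#   # ^ only needed when the overlay was built as a module
#   database        bdb
#   suffix          "dc=example,dc=com"
#   overlay         ppolicy
#   ppolicy_default "cn=default,ou=policies,dc=example,dc=com"
#
# Assumes ou=policies and the cn=default policy entry already exist.
# Load with: ldapmodify -x -D <rootdn> -W -f this-file.ldif

# 1. A second policy with account lockout and password history.
dn: cn=strict,ou=policies,dc=example,dc=com
changetype: add
objectClass: device
objectClass: pwdPolicy
cn: strict
pwdAttribute: userPassword
pwdInHistory: 10
pwdMaxFailure: 5
pwdLockout: TRUE
pwdLockoutDuration: 900

# 2. Point one account at that policy. The overlay supplies the attribute
#    type, so this write succeeds without any schema-file change.
#    Entries without pwdPolicySubentry fall back to ppolicy_default.
dn: uid=jdoe,ou=people,dc=example,dc=com
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=strict,ou=policies,dc=example,dc=com
```

Because pwdPolicySubentry is operational, a search returns it only when it is requested by name or with the "+" attribute list.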