2:29 a.m.
Hi,
I've installed the ppolicy overlay (static), included the shema, loaded
the policy to the directory and define it as the default policy.
However, to check the policy I've changed a user's password, below the
minimum length specified by the policy, and no error was issued.
I've used ldappasswd and Apache Directory Studio to change it and none
issued no error. Although I did it with the root user, I suppose the
policy
should issue an error just the same, because I was changing another
user's password.
What am I missing, here ?
Thank you in advance
A transmiss�o de mensagens por e-mail n�o � absolutamente segura ou livre de erros. A
mensagem pode ser intercetada, alterada, perdida, destru�da, chegar ao destinat�rio com
atraso, ou mesmo com v�rus, n�o obstante o IFAP utilizar software anti-v�rus.
Esta mensagem, incluindo eventuais ficheiros anexos, pode conter informa��o confidencial
ou privilegiada e destina-se a uso exclusivo dos seus destinat�rios. Se n�o for o
destinat�rio pretendido, informamos que a recebeu por engano, pelo que, qualquer
utiliza��o, distribui��o, reencaminhamento ou outra forma de revela��o a terceiros,
impress�o ou c�pia s�o expressamente proibidos. Se recebeu esta mensagem por engano, por
favor contacte imediatamente o remetente por e-mail, e apague de imediato a mensagem do
seu sistema inform�tico.
O IFAP declina qualquer responsabilidade por erros ou omiss�es na presente mensagem e
eventuais consequ�ncias, que resultem das situa��es referidas.
2:50 a.m.
2014-03-05 11:29 GMT+01:00 Rodrigo Coutinho <Rodrigo.Coutinho(a)ifap.pt>:
Hi,
I've installed the ppolicy overlay (static), included the shema, loaded
the policy to the directory and define it as the default policy.
However, to check the policy I've changed a user's password, below the
minimum length specified by the policy, and no error was issued.
I've used ldappasswd and Apache Directory Studio to change it and none
issued no error. Although I did it with the root user, I suppose the policy
should issue an error just the same, because I was changing another user's
password.
What am I missing, here ?
The root user is not affected by ppolicy. Change the password as user.
Clément.
2:58 a.m.
I know that the policy doesn't apply to the root user, but I'm not changing the
root user password, I'm changing the password of another user.
Surely the policy should apply !
________________________________
De: Clément OUDOT [mailto:clem.oudot@gmail.com]
Enviada: quarta-feira, 5 de Março de 2014 10:50
Para: Rodrigo Coutinho
Cc: openldap-technical(a)openldap.org
Assunto: Re: ppolicy not verifying password length (not active !!)
2014-03-05 11:29 GMT+01:00 Rodrigo Coutinho <Rodrigo.Coutinho(a)ifap.pt>:
Hi,
I've installed the ppolicy overlay (static), included the shema, loaded the policy to
the directory and define it as the default policy.
However, to check the policy I've changed a user's password, below the minimum
length specified by the policy, and no error was issued.
I've used ldappasswd and Apache Directory Studio to change it and none issued no
error. Although I did it with the root user, I suppose the policy
should issue an error just the same, because I was changing another user's password.
What am I missing, here ?
The root user is not affected by ppolicy. Change the password as user.
Clément.
A transmissão de mensagens por e-mail não é absolutamente segura ou livre de erros. A
mensagem pode ser intercetada, alterada, perdida, destruída, chegar ao destinatário com
atraso, ou mesmo com vírus, não obstante o IFAP utilizar software anti-vírus.
Esta mensagem, incluindo eventuais ficheiros anexos, pode conter informação confidencial
ou privilegiada e destina-se a uso exclusivo dos seus destinatários. Se não for o
destinatário pretendido, informamos que a recebeu por engano, pelo que, qualquer
utilização, distribuição, reencaminhamento ou outra forma de revelação a terceiros,
impressão ou cópia são expressamente proibidos. Se recebeu esta mensagem por engano, por
favor contacte imediatamente o remetente por e-mail, e apague de imediato a mensagem do
seu sistema informático.
O IFAP declina qualquer responsabilidade por erros ou omissões na presente mensagem e
eventuais consequências, que resultem das situações referidas.
3:21 a.m.
2014-03-05 11:58 GMT+01:00 Rodrigo Coutinho <Rodrigo.Coutinho(a)ifap.pt>:
I know that the policy doesn't apply to the root user, but
I'm not
changing the root user password, I'm changing the password of another user.
Surely the policy should apply !
No it does'nt. Root access to change any user password will ignore ppolicy.
3:33 a.m.
Ok, thank you for the information, but I must confess that I am a bit shocked, as that
implies I can have a directory full of non compliant passwords.
So, that begs the question: How do we prevent this ? What is the normal/standard way ?
Should one create another user with administrative privileges and use it to change
passwords when needed ?
________________________________
De: Clément OUDOT [mailto:clem.oudot@gmail.com]
Enviada: quarta-feira, 5 de Março de 2014 11:21
Para: Rodrigo Coutinho
Cc: openldap-technical(a)openldap.org
Assunto: Re: ppolicy not verifying password length (not active !!)
2014-03-05 11:58 GMT+01:00 Rodrigo Coutinho <Rodrigo.Coutinho(a)ifap.pt>:
I know that the policy doesn't apply to the root user, but I'm not changing the
root user password, I'm changing the password of another user.
Surely the policy should apply !
No it does'nt. Root access to change any user password will ignore ppolicy.
A transmissão de mensagens por e-mail não é absolutamente segura ou livre de erros. A
mensagem pode ser intercetada, alterada, perdida, destruída, chegar ao destinatário com
atraso, ou mesmo com vírus, não obstante o IFAP utilizar software anti-vírus.
Esta mensagem, incluindo eventuais ficheiros anexos, pode conter informação confidencial
ou privilegiada e destina-se a uso exclusivo dos seus destinatários. Se não for o
destinatário pretendido, informamos que a recebeu por engano, pelo que, qualquer
utilização, distribuição, reencaminhamento ou outra forma de revelação a terceiros,
impressão ou cópia são expressamente proibidos. Se recebeu esta mensagem por engano, por
favor contacte imediatamente o remetente por e-mail, e apague de imediato a mensagem do
seu sistema informático.
O IFAP declina qualquer responsabilidade por erros ou omissões na presente mensagem e
eventuais consequências, que resultem das situações referidas.
4:06 a.m.
On Wed, 5 Mar 2014 11:33:51 +0000 Rodrigo Coutinho <Rodrigo.Coutinho(a)ifap.pt>
wrote
Ok, thank you for the information, but I must confess that I am a
bit
shocked, as that implies I can have a directory full of non compliant
passwords.
So, that begs the question: How do we prevent this ? What is the
normal/standard way ?
Mantra to be repeated thousands of times:
Never use rootdn to bind.
Should one create another user with administrative privileges and use
it to
change passwords when needed ?
Yes.
Ciao, Michael.
8:06 p.m.
I Also stuck in this issue. My password policy was not working on openldap 2.4.23 so
someone suggested me to upgrade as this is the older version. So i upgraded it to 2.4.39
but struggling to get SSL work for openssl.
really shock to see that there is no proper document for the installation and
configuration. 2.4.39 have to be configured from source and not rpm so facing hell lot of
issue.
Regards
Sam
On Wednesday, 5 March 2014 8:31 PM, Michael Ströder <michael(a)stroeder.com> wrote:
On Wed, 5 Mar 2014 11:33:51 +0000 Rodrigo Coutinho <Rodrigo.Coutinho(a)ifap.pt>
wrote
Ok, thank you for the information, but I must confess that I am a
bit
shocked, as that implies I can have a directory full of non compliant
passwords.
So, that begs the question: How do we prevent this ? What is the
normal/standard way ?
Mantra to be repeated thousands of times:
Never use rootdn to bind.
Should one create another user with administrative privileges and use
it to
change passwords when needed ?
Yes.
Ciao, Michael.
12:40 a.m.
Hi again,
I did create another user, gave it the proper permissions via ACL, and it worked, the
policy was enforced when I tried to change another user's password.
Still in shock though, that the root user can mess up the other users data.
Regards
________________________________
De: saurabh ohri [mailto:sam_ohri@yahoo.co.in]
Enviada: quinta-feira, 6 de Março de 2014 04:06
Para: Michael Ströder; openldap-technical(a)openldap.org; Rodrigo Coutinho
Assunto: Re: ppolicy not verifying password length (not active !!)
I Also stuck in this issue. My password policy was not working on openldap 2.4.23 so
someone suggested me to upgrade as this is the older version. So i upgraded it to 2.4.39
but struggling to get SSL work for openssl.
really shock to see that there is no proper document for the installation and
configuration. 2.4.39 have to be configured from source and not rpm so facing hell lot of
issue.
Regards
Sam
On Wednesday, 5 March 2014 8:31 PM, Michael Ströder <michael(a)stroeder.com> wrote:
On Wed, 5 Mar 2014 11:33:51 +0000 Rodrigo Coutinho <Rodrigo.Coutinho(a)ifap.pt>
wrote
Ok, thank you for the information, but I must confess that I am a
bit
shocked, as that implies I can have a directory full of non compliant
passwords.
So, that begs the question: How do we prevent this ? What is the
normal/standard way ?
Mantra to be repeated thousands of times:
Never use rootdn to bind.
Should one create another user with administrative privileges and use
it to
change passwords when needed ?
Yes.
Ciao, Michael.
A transmissão de mensagens por e-mail não é absolutamente segura ou livre de erros. A
mensagem pode ser intercetada, alterada, perdida, destruída, chegar ao destinatário com
atraso, ou mesmo com vírus, não obstante o IFAP utilizar software anti-vírus.
Esta mensagem, incluindo eventuais ficheiros anexos, pode conter informação confidencial
ou privilegiada e destina-se a uso exclusivo dos seus destinatários. Se não for o
destinatário pretendido, informamos que a recebeu por engano, pelo que, qualquer
utilização, distribuição, reencaminhamento ou outra forma de revelação a terceiros,
impressão ou cópia são expressamente proibidos. Se recebeu esta mensagem por engano, por
favor contacte imediatamente o remetente por e-mail, e apague de imediato a mensagem do
seu sistema informático.
O IFAP declina qualquer responsabilidade por erros ou omissões na presente mensagem e
eventuais consequências, que resultem das situações referidas.
2:17 a.m.
Could you please share the steps with commands. This probably will help me.
Regards
Sam
Sent from my iPhone
On 6 Mar 2014, at 4:40 pm, Rodrigo Coutinho
<Rodrigo.Coutinho(a)ifap.pt> wrote:
Hi again,
I did create another user, gave it the proper permissions via ACL, and it worked, the
policy was enforced when I tried to change another user's password.
Still in shock though, that the root user can mess up the other users data.
Regards
De: saurabh ohri [mailto:sam_ohri@yahoo.co.in]
Enviada: quinta-feira, 6 de Março de 2014 04:06
Para: Michael Ströder; openldap-technical(a)openldap.org; Rodrigo Coutinho
Assunto: Re: ppolicy not verifying password length (not active !!)
I Also stuck in this issue. My password policy was not working on openldap 2.4.23 so
someone suggested me to upgrade as this is the older version. So i upgraded it to 2.4.39
but struggling to get SSL work for openssl.
really shock to see that there is no proper document for the installation and
configuration. 2.4.39 have to be configured from source and not rpm so facing hell lot of
issue.
Regards
Sam
On Wednesday, 5 March 2014 8:31 PM, Michael Ströder <michael(a)stroeder.com> wrote:
On Wed, 5 Mar 2014 11:33:51 +0000 Rodrigo Coutinho <Rodrigo.Coutinho(a)ifap.pt>
wrote
> Ok, thank you for the information, but I must confess that I am a bit
> shocked, as that implies I can have a directory full of non compliant
> passwords.
>
> So, that begs the question: How do we prevent this ? What is the
> normal/standard way ?
Mantra to be repeated thousands of times:
Never use rootdn to bind.
> Should one create another user with administrative privileges and use it to
> change passwords when needed ?
Yes.
Ciao, Michael.
A transmissão de mensagens por e-mail não é absolutamente segura ou livre de erros. A
mensagem pode ser intercetada, alterada, perdida, destruída, chegar ao destinatário com
atraso, ou mesmo com vírus, não obstante o IFAP utilizar software anti-vírus.
Esta mensagem, incluindo eventuais ficheiros anexos, pode conter informação confidencial
ou privilegiada e destina-se a uso exclusivo dos seus destinatários. Se não for o
destinatário pretendido, informamos que a recebeu por engano, pelo que, qualquer
utilização, distribuição, reencaminhamento ou outra forma de revelação a terceiros,
impressão ou cópia são expressamente proibidos. Se recebeu esta mensagem por engano, por
favor contacte imediatamente o remetente por e-mail, e apague de imediato a mensagem do
seu sistema informático.
O IFAP declina qualquer responsabilidade por erros ou omissões na presente mensagem e
eventuais consequências, que resultem das situações referidas.
4:12 a.m.
Hi,
in this struggle of implementing OpenLdap for the first time, without any knowledge
whatsoever, I found this book:
http://tazlambert.files.wordpress.com/2008/05/packtpublishingmasteringope...
In case of the password policy, I more or less followed it from page 320, onwards.
Hope that helps you.
________________________________
De: Saurabh Ohri [mailto:sam_ohri@yahoo.co.in]
Enviada: quinta-feira, 6 de Março de 2014 10:17
Para: Rodrigo Coutinho
Cc: <openldap-technical(a)openldap.org>
Assunto: Re: ppolicy not verifying password length (not active !!)
Could you please share the steps with commands. This probably will help me.
Regards
Sam
Sent from my iPhone
On 6 Mar 2014, at 4:40 pm, Rodrigo Coutinho <Rodrigo.Coutinho(a)ifap.pt> wrote:
Hi again,
I did create another user, gave it the proper permissions via ACL, and it worked, the
policy was enforced when I tried to change another user's password.
Still in shock though, that the root user can mess up the other users data.
Regards
________________________________
De: saurabh ohri [mailto:sam_ohri@yahoo.co.in]
Enviada: quinta-feira, 6 de Março de 2014 04:06
Para: Michael Ströder; openldap-technical(a)openldap.org; Rodrigo Coutinho
Assunto: Re: ppolicy not verifying password length (not active !!)
I Also stuck in this issue. My password policy was not working on openldap 2.4.23 so
someone suggested me to upgrade as this is the older version. So i upgraded it to 2.4.39
but struggling to get SSL work for openssl.
really shock to see that there is no proper document for the installation and
configuration. 2.4.39 have to be configured from source and not rpm so facing hell lot of
issue.
Regards
Sam
On Wednesday, 5 March 2014 8:31 PM, Michael Ströder <michael(a)stroeder.com> wrote:
On Wed, 5 Mar 2014 11:33:51 +0000 Rodrigo Coutinho <Rodrigo.Coutinho(a)ifap.pt>
wrote
Ok, thank you for the information, but I must confess that I am a
bit
shocked, as that implies I can have a directory full of non compliant
passwords.
So, that begs the question: How do we prevent this ? What is the
normal/standard way ?
Mantra to be repeated thousands of times:
Never use rootdn to bind.
Should one create another user with administrative privileges and use
it to
change passwords when needed ?
Yes.
Ciao, Michael.
________________________________
A transmissão de mensagens por e-mail não é absolutamente segura ou livre de erros. A
mensagem pode ser intercetada, alterada, perdida, destruída, chegar ao destinatário com
atraso, ou mesmo com vírus, não obstante o IFAP utilizar software anti-vírus.
Esta mensagem, incluindo eventuais ficheiros anexos, pode conter informação confidencial
ou privilegiada e destina-se a uso exclusivo dos seus destinatários. Se não for o
destinatário pretendido, informamos que a recebeu por engano, pelo que, qualquer
utilização, distribuição, reencaminhamento ou outra forma de revelação a terceiros,
impressão ou cópia são expressamente proibidos. Se recebeu esta mensagem por engano, por
favor contacte imediatamente o remetente por e-mail, e apague de imediato a mensagem do
seu sistema informático.
O IFAP declina qualquer responsabilidade por erros ou omissões na presente mensagem e
eventuais consequências, que resultem das situações referidas.
A transmissão de mensagens por e-mail não é absolutamente segura ou livre de erros. A
mensagem pode ser intercetada, alterada, perdida, destruída, chegar ao destinatário com
atraso, ou mesmo com vírus, não obstante o IFAP utilizar software anti-vírus.
Esta mensagem, incluindo eventuais ficheiros anexos, pode conter informação confidencial
ou privilegiada e destina-se a uso exclusivo dos seus destinatários. Se não for o
destinatário pretendido, informamos que a recebeu por engano, pelo que, qualquer
utilização, distribuição, reencaminhamento ou outra forma de revelação a terceiros,
impressão ou cópia são expressamente proibidos. Se recebeu esta mensagem por engano, por
favor contacte imediatamente o remetente por e-mail, e apague de imediato a mensagem do
seu sistema informático.
O IFAP declina qualquer responsabilidade por erros ou omissões na presente mensagem e
eventuais consequências, que resultem das situações referidas.
5:17 a.m.
Thanks. I am also newbee in open ldap. As password policy did not worked in 2.4.23 I
installed another instance of 2.4.39. But stuck with SSL in this version 😄
Regards
Sam
Sent from my iPhone
On 6 Mar 2014, at 8:12 pm, Rodrigo Coutinho
<Rodrigo.Coutinho(a)ifap.pt> wrote:
Hi,
in this struggle of implementing OpenLdap for the first time, without any knowledge
whatsoever, I found this book:
http://tazlambert.files.wordpress.com/2008/05/packtpublishingmasteringope...
In case of the password policy, I more or less followed it from page 320, onwards.
Hope that helps you.
De: Saurabh Ohri [mailto:sam_ohri@yahoo.co.in]
Enviada: quinta-feira, 6 de Março de 2014 10:17
Para: Rodrigo Coutinho
Cc: <openldap-technical(a)openldap.org>
Assunto: Re: ppolicy not verifying password length (not active !!)
Could you please share the steps with commands. This probably will help me.
Regards
Sam
Sent from my iPhone
> On 6 Mar 2014, at 4:40 pm, Rodrigo Coutinho <Rodrigo.Coutinho(a)ifap.pt> wrote:
>
> Hi again,
>
> I did create another user, gave it the proper permissions via ACL, and it worked, the
policy was enforced when I tried to change another user's password.
>
> Still in shock though, that the root user can mess up the other users data.
>
>
> Regards
>
>
> De: saurabh ohri [mailto:sam_ohri@yahoo.co.in]
> Enviada: quinta-feira, 6 de Março de 2014 04:06
> Para: Michael Ströder; openldap-technical(a)openldap.org; Rodrigo Coutinho
> Assunto: Re: ppolicy not verifying password length (not active !!)
>
> I Also stuck in this issue. My password policy was not working on openldap 2.4.23 so
someone suggested me to upgrade as this is the older version. So i upgraded it to 2.4.39
but struggling to get SSL work for openssl.
>
> really shock to see that there is no proper document for the installation and
configuration. 2.4.39 have to be configured from source and not rpm so facing hell lot of
issue.
>
> Regards
> Sam
>
>
> On Wednesday, 5 March 2014 8:31 PM, Michael Ströder <michael(a)stroeder.com>
wrote:
> On Wed, 5 Mar 2014 11:33:51 +0000 Rodrigo Coutinho <Rodrigo.Coutinho(a)ifap.pt>
> wrote
> > Ok, thank you for the information, but I must confess that I am a bit
> > shocked, as that implies I can have a directory full of non compliant
> > passwords.
> >
> > So, that begs the question: How do we prevent this ? What is the
> > normal/standard way ?
>
> Mantra to be repeated thousands of times:
>
> Never use rootdn to bind.
>
>
> > Should one create another user with administrative privileges and use it to
> > change passwords when needed ?
>
>
> Yes.
>
> Ciao, Michael.
>
>
>
>
>
> A transmissão de mensagens por e-mail não é absolutamente segura ou livre de erros. A
mensagem pode ser intercetada, alterada, perdida, destruída, chegar ao destinatário com
atraso, ou mesmo com vírus, não obstante o IFAP utilizar software anti-vírus.
> Esta mensagem, incluindo eventuais ficheiros anexos, pode conter informação
confidencial ou privilegiada e destina-se a uso exclusivo dos seus destinatários. Se não
for o destinatário pretendido, informamos que a recebeu por engano, pelo que, qualquer
utilização, distribuição, reencaminhamento ou outra forma de revelação a terceiros,
impressão ou cópia são expressamente proibidos. Se recebeu esta mensagem por engano, por
favor contacte imediatamente o remetente por e-mail, e apague de imediato a mensagem do
seu sistema informático.
> O IFAP declina qualquer responsabilidade por erros ou omissões na presente mensagem e
eventuais consequências, que resultem das situações referidas.
A transmissão de mensagens por e-mail não é absolutamente segura ou livre de erros. A
mensagem pode ser intercetada, alterada, perdida, destruída, chegar ao destinatário com
atraso, ou mesmo com vírus, não obstante o IFAP utilizar software anti-vírus.
Esta mensagem, incluindo eventuais ficheiros anexos, pode conter informação confidencial
ou privilegiada e destina-se a uso exclusivo dos seus destinatários. Se não for o
destinatário pretendido, informamos que a recebeu por engano, pelo que, qualquer
utilização, distribuição, reencaminhamento ou outra forma de revelação a terceiros,
impressão ou cópia são expressamente proibidos. Se recebeu esta mensagem por engano, por
favor contacte imediatamente o remetente por e-mail, e apague de imediato a mensagem do
seu sistema informático.
O IFAP declina qualquer responsabilidade por erros ou omissões na presente mensagem e
eventuais consequências, que resultem das situações referidas.
9:21 p.m.
New subject: missing ppolicy.la
Hi All,
i am getting following error while loading the ppolicy.ldif file.
ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f ppolicy.ldif -H
ldaps://xxx.xxx.xxx
Enter LDAP Password:
adding new entry "ou=Policies,dc=example,dc=com"
adding new entry "cn=Standard,ou=Policies,dc=example,dc=com"
ldap_add: Invalid syntax (21)
additional info: pwdMinAge: value #0 invalid per syntax
My ppolicy.ldif file looks like this:
dn: ou=Policies,dc=example,dc=com
ou: Policies
description: Directory policies.
objectclass: organizationalUnit
dn: cn=Standard,ou=Policies,dc=example,dc=com
objectclass: top
cn: Standard
pwdAttribute: 2.5.4.35
pwdMinAge: 86400
# 30 days: 60 sec * 60 min * 24 hr * 30 days
pwdMaxAge: 2592000
pwdCheckQuality: 1
pwdMinLength: 8
# Warn three days in advance
pwdExpireWarning: 432000
pwdGraceAuthNLimit: 3
pwdLockout: TRUE
pwdLockoutDuration: 1800
pwdMaxFailure: 3
pwdFailureCountInterval: 0
pwdMustChange: TRUE
pwdAllowUserChange: TRUE
pwdSafeModify: TRUE
objectclass: device
objectclass: pwdPolicy
I goggled above error and most of them pointed put that either ppolicy.la is not loaded
properly or schema is not defined.
I tried location ppolicy.la in my system and was not able to find. I installed
the openldap-ltb-2.4.39-2.el6.x86_64 version on RHEL6.5
Not sure if .la file was not included then why slapd.conf did not gave error when i loaded
and restarted the ldap. Also is it possible that installation does not copy the .la file.
# Load dynamic backend modules:
modulepath /usr/local/openldap/libexec/openldap
moduleload back_bdb.la
moduleload ppolicy.la
# moduleload back_hdb.la
# moduleload back_ldap.la
Please help!!
Regards
Sam
On Friday, 7 March 2014 3:01 AM, Saurabh Ohri <sam_ohri(a)yahoo.co.in> wrote:
Thanks. I am also newbee in open ldap. As password policy did not worked in 2.4.23 I
installed another instance of 2.4.39. But stuck with SSL in this version 😄
Regards
Sam
Sent from my iPhone
On 6 Mar 2014, at 8:12 pm, Rodrigo Coutinho <Rodrigo.Coutinho(a)ifap.pt> wrote:
Hi,
in this struggle of implementing OpenLdap for the
first time, without any knowledge whatsoever, I found this
book:
http://tazlambert.files.wordpress.com/2008/05/packtpublishingmasteringope...
In case of the password policy, I more or less followed
it from page 320, onwards.
Hope that helps you.
________________________________
De: Saurabh Ohri [mailto:sam_ohri@yahoo.co.in]
Enviada: quinta-feira, 6 de Março de 2014 10:17
Para: Rodrigo Coutinho
Cc: <openldap-technical(a)openldap.org>
Assunto: Re: ppolicy not
verifying password length (not active !!)
Could you please share the steps with commands. This probably will help
me.
Regards
Sam
Sent from my iPhone
On 6 Mar 2014, at 4:40 pm, Rodrigo Coutinho <Rodrigo.Coutinho(a)ifap.pt wrote:
Hi again,
I did create another user, gave it the proper permissions via ACL, and it worked, the
policy was enforced when I tried to change another user's password.
Still in shock though, that the root user can mess up the other users data.
Regards
________________________________
De: saurabh ohri [mailto:sam_ohri@yahoo.co.in]
Enviada: quinta-feira, 6 de Março de 2014 04:06
Para: Michael Ströder; openldap-technical(a)openldap.org; Rodrigo Coutinho
Assunto: Re: ppolicy not verifying password length (not active !!)
I Also stuck in this issue. My password policy was not working on openldap 2.4.23 so
someone suggested me to upgrade as this is the older version. So i upgraded it to 2.4.39
but struggling to get SSL work for openssl.
really shock to see that there is no proper document for the installation and
configuration. 2.4.39 have to be configured from source and not rpm so facing hell lot of
issue.
Regards
Sam
On Wednesday, 5 March 2014 8:31 PM, Michael Ströder <michael(a)stroeder.com> wrote:
On Wed, 5 Mar 2014 11:33:51 +0000 Rodrigo Coutinho <Rodrigo.Coutinho(a)ifap.pt>
wrote
Should one create another user with administrative
privileges and use it to
Ok, thank you for the information, but I
must confess that I
am a bit
shocked, as that implies I can
have a directory full of non
compliant
passwords.
So, that begs the question: How do we
prevent this ? What is the
normal/standard way
?
Mantra to be repeated thousands of
times:
Never use rootdn to bind.
change passwords when needed ?
Yes.
Ciao, Michael.
________________________________
A transmissão de mensagens por e-mail não é absolutamente segura ou livre de erros. A
mensagem pode ser intercetada, alterada, perdida, destruída, chegar ao destinatário com
atraso, ou mesmo com vírus, não obstante o IFAP utilizar software anti-vírus.
Esta mensagem, incluindo eventuais ficheiros anexos,
pode conter informação confidencial ou privilegiada e destina-se a uso
exclusivo dos seus destinatários. Se não for o destinatário pretendido,
informamos que a recebeu por engano, pelo que, qualquer utilização,
distribuição, reencaminhamento ou outra forma de revelação a terceiros,
impressão ou cópia são expressamente proibidos. Se recebeu esta mensagem por
engano, por favor contacte imediatamente o remetente por e-mail, e apague de
imediato a mensagem do seu sistema informático.
O IFAP declina qualquer
responsabilidade por erros ou omissões na presente mensagem e eventuais
consequências, que resultem das situações referidas.
________________________________
A transmissão de mensagens por e-mail não é absolutamente segura ou livre de erros. A
mensagem pode ser intercetada, alterada, perdida, destruída, chegar ao destinatário com
atraso, ou mesmo com vírus, não obstante o IFAP utilizar software anti-vírus.
Esta mensagem, incluindo eventuais ficheiros anexos, pode conter informação confidencial
ou privilegiada e destina-se a uso exclusivo dos seus destinatários. Se não for o
destinatário pretendido, informamos que a recebeu por engano, pelo que, qualquer
utilização, distribuição, reencaminhamento ou outra forma de revelação a terceiros,
impressão ou cópia são expressamente proibidos. Se recebeu esta mensagem por engano, por
favor contacte imediatamente o remetente por e-mail, e apague de imediato a mensagem do
seu sistema informático.
O IFAP declina qualquer responsabilidade por erros ou omissões na presente mensagem e
eventuais consequências, que resultem das situações referidas.
10:28 p.m.
New subject: missing ppolicy.la
Hi All,
It seems it worked fine after deleting the pwdMinAge. Please suggest if i am doing
anything wrong.
pwdMinAge: 86400(1 day)
Regards
Sam
On Monday, 10 March 2014 12:51 PM, saurabh ohri <sam_ohri(a)yahoo.co.in> wrote:
Hi All,
i am getting following error while loading the ppolicy.ldif file.
ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f ppolicy.ldif -H
ldaps://xxx.xxx.xxx
Enter LDAP Password:
adding new entry "ou=Policies,dc=example,dc=com"
adding new entry "cn=Standard,ou=Policies,dc=example,dc=com"
ldap_add: Invalid syntax (21)
additional info: pwdMinAge: value #0 invalid per syntax
My ppolicy.ldif file looks like this:
dn: ou=Policies,dc=example,dc=com
ou: Policies
description: Directory policies.
objectclass: organizationalUnit
dn: cn=Standard,ou=Policies,dc=example,dc=com
objectclass: top
cn: Standard
pwdAttribute: 2.5.4.35
pwdMinAge: 86400
# 30 days: 60 sec * 60 min * 24 hr * 30 days
pwdMaxAge: 2592000
pwdCheckQuality: 1
pwdMinLength: 8
# Warn three days in advance
pwdExpireWarning: 432000
pwdGraceAuthNLimit: 3
pwdLockout: TRUE
pwdLockoutDuration: 1800
pwdMaxFailure: 3
pwdFailureCountInterval: 0
pwdMustChange: TRUE
pwdAllowUserChange: TRUE
pwdSafeModify: TRUE
objectclass: device
objectclass: pwdPolicy
I goggled above error and most of them pointed put that either ppolicy.la is not loaded
properly or schema is not defined.
I tried location ppolicy.la in my system and was not able to find. I installed
the openldap-ltb-2.4.39-2.el6.x86_64 version on RHEL6.5
Not sure if .la file was not included then why slapd.conf did not gave error when i loaded
and restarted the ldap. Also is it possible that installation does not copy the .la file.
# Load dynamic backend modules:
modulepath /usr/local/openldap/libexec/openldap
moduleload back_bdb.la
moduleload ppolicy.la
# moduleload back_hdb.la
# moduleload back_ldap.la
Please help!!
Regards
Sam
On Friday, 7 March 2014 3:01 AM, Saurabh Ohri <sam_ohri(a)yahoo.co.in> wrote:
Thanks. I am also newbee in open ldap. As password policy did not worked in 2.4.23 I
installed another instance of 2.4.39. But stuck with SSL in this version 😄
Regards
Sam
Sent from my iPhone
On 6 Mar 2014, at 8:12 pm, Rodrigo Coutinho <Rodrigo.Coutinho(a)ifap.pt> wrote:
Hi,
in this struggle of implementing OpenLdap for the
first time, without any knowledge whatsoever, I found this
book:
http://tazlambert.files.wordpress.com/2008/05/packtpublishingmasteringope...
In case of the password policy, I more or less followed
it from page 320, onwards.
Hope that helps you.
________________________________
De: Saurabh Ohri [mailto:sam_ohri@yahoo.co.in]
Enviada: quinta-feira, 6 de Março de 2014 10:17
Para: Rodrigo Coutinho
Cc: <openldap-technical(a)openldap.org>
Assunto: Re: ppolicy not
verifying password length (not active !!)
Could you please share the steps with commands. This probably will help
me.
Regards
Sam
Sent from my iPhone
On 6 Mar 2014, at 4:40 pm, Rodrigo Coutinho <Rodrigo.Coutinho(a)ifap.pt wrote:
Hi again,
I did create another user, gave it the proper permissions via ACL, and it worked, the
policy was enforced when I tried to change another user's password.
Still in shock though, that the root user can mess up the other users data.
Regards
________________________________
De: saurabh ohri [mailto:sam_ohri@yahoo.co.in]
Enviada: quinta-feira, 6 de Março de 2014 04:06
Para: Michael Ströder; openldap-technical(a)openldap.org; Rodrigo Coutinho
Assunto: Re: ppolicy not verifying password length (not active !!)
I Also stuck in this issue. My password policy was not working on openldap 2.4.23 so
someone suggested me to upgrade as this is the older version. So i upgraded it to 2.4.39
but struggling to get SSL work for openssl.
really shock to see that there is no proper document for the installation and
configuration. 2.4.39 have to be configured from source and not rpm so facing hell lot of
issue.
Regards
Sam
On Wednesday, 5 March 2014 8:31 PM, Michael Ströder <michael(a)stroeder.com> wrote:
On Wed, 5 Mar 2014 11:33:51 +0000 Rodrigo Coutinho <Rodrigo.Coutinho(a)ifap.pt>
wrote
Should one create another user with administrative
privileges and use it to
Ok, thank you for the information, but I
must confess that I
am a bit
shocked, as that implies I can
have a directory full of non
compliant
passwords.
So, that begs the question: How do we
prevent this ? What is the
normal/standard way
?
Mantra to be repeated thousands of
times:
Never use rootdn to bind.
change passwords when needed ?
Yes.
Ciao, Michael.
________________________________
A transmissão de mensagens por e-mail não é absolutamente segura ou livre de erros. A
mensagem pode ser intercetada, alterada, perdida, destruída, chegar ao destinatário com
atraso, ou mesmo com vírus, não obstante o IFAP utilizar software anti-vírus.
Esta mensagem, incluindo eventuais ficheiros anexos,
pode conter informação confidencial ou privilegiada e destina-se a uso
exclusivo dos seus destinatários. Se não for o destinatário pretendido,
informamos que a recebeu por engano, pelo que, qualquer utilização,
distribuição, reencaminhamento ou outra forma de revelação a terceiros,
impressão ou cópia são expressamente proibidos. Se recebeu esta mensagem por
engano, por favor contacte imediatamente o remetente por e-mail, e apague de
imediato a mensagem do seu sistema informático.
O IFAP declina qualquer
responsabilidade por erros ou omissões na presente mensagem e eventuais
consequências, que resultem das situações referidas.
________________________________
A transmissão de mensagens por e-mail não é absolutamente segura ou livre de erros. A
mensagem pode ser intercetada, alterada, perdida, destruída, chegar ao destinatário com
atraso, ou mesmo com vírus, não obstante o IFAP utilizar software anti-vírus.
Esta mensagem, incluindo eventuais ficheiros anexos, pode conter informação confidencial
ou privilegiada e destina-se a uso exclusivo dos seus destinatários. Se não for o
destinatário pretendido, informamos que a recebeu por engano, pelo que, qualquer
utilização, distribuição, reencaminhamento ou outra forma de revelação a terceiros,
impressão ou cópia são expressamente proibidos. Se recebeu esta mensagem por engano, por
favor contacte imediatamente o remetente por e-mail, e apague de imediato a mensagem do
seu sistema informático.
O IFAP declina qualquer responsabilidade por erros ou omissões na presente mensagem e
eventuais consequências, que resultem das situações referidas.
12:17 a.m.
New subject: missing ppolicy.la
Hi All,
Please help as password policy implementation policy not working. I tried changing the
password of a user and new password was having only 5 characters and it should not allow
to change it. I have defined min len as 8 characters.
ldappasswd -x -W -D "cn=Manager,dc=example,dc=com" -H
ldaps://xxx.xxx.xxx.example.com -s new -a Welcome123
"uid=tuser,ou=Users,dc=example,dc=com"
Enter LDAP Password:
[root@xxx-xxx-xxx openldap
Please suggest.
Regards
Sam
On Monday, 10 March 2014 1:28 PM, saurabh ohri <sam_ohri(a)yahoo.co.in> wrote:
Hi All,
It seems it worked fine after deleting the pwdMinAge. Please suggest if i am doing
anything wrong.
pwdMinAge: 86400(1 day)
Regards
Sam
On Monday, 10 March 2014 12:51 PM, saurabh ohri <sam_ohri(a)yahoo.co.in> wrote:
Hi All,
i am getting following error while loading the ppolicy.ldif file.
ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f ppolicy.ldif -H
ldaps://xxx.xxx.xxx
Enter LDAP Password:
adding new entry "ou=Policies,dc=example,dc=com"
adding new entry "cn=Standard,ou=Policies,dc=example,dc=com"
ldap_add: Invalid syntax (21)
additional info: pwdMinAge: value #0 invalid per syntax
My ppolicy.ldif file looks like this:
dn: ou=Policies,dc=example,dc=com
ou: Policies
description: Directory policies.
objectclass: organizationalUnit
dn: cn=Standard,ou=Policies,dc=example,dc=com
objectclass: top
cn: Standard
pwdAttribute: 2.5.4.35
pwdMinAge: 86400
# 30 days: 60 sec * 60 min * 24 hr * 30 days
pwdMaxAge: 2592000
pwdCheckQuality: 1
pwdMinLength: 8
# Warn three days in advance
pwdExpireWarning: 432000
pwdGraceAuthNLimit: 3
pwdLockout: TRUE
pwdLockoutDuration: 1800
pwdMaxFailure: 3
pwdFailureCountInterval: 0
pwdMustChange: TRUE
pwdAllowUserChange: TRUE
pwdSafeModify: TRUE
objectclass: device
objectclass: pwdPolicy
I goggled above error and most of them pointed put that either ppolicy.la is not loaded
properly or schema is not defined.
I tried location ppolicy.la in my system and was not able to find. I installed
the openldap-ltb-2.4.39-2.el6.x86_64 version on RHEL6.5
Not sure if .la file was not included then why slapd.conf did not gave error when i loaded
and restarted the ldap. Also is it possible that installation does not copy the .la file.
# Load dynamic backend modules:
modulepath /usr/local/openldap/libexec/openldap
moduleload back_bdb.la
moduleload ppolicy.la
# moduleload back_hdb.la
# moduleload back_ldap.la
Please help!!
Regards
Sam
On Friday, 7 March 2014 3:01 AM, Saurabh Ohri <sam_ohri(a)yahoo.co.in> wrote:
Thanks. I am also newbee in open ldap. As password policy did not worked in 2.4.23 I
installed another instance of 2.4.39. But stuck with SSL in this version 😄
Regards
Sam
Sent from my iPhone
On 6 Mar 2014, at 8:12 pm, Rodrigo Coutinho <Rodrigo.Coutinho(a)ifap.pt> wrote:
Hi,
in this struggle of implementing OpenLdap for the
first time, without any knowledge whatsoever, I found this
book:
http://tazlambert.files.wordpress.com/2008/05/packtpublishingmasteringope...
In case of the password policy, I more or less followed
it from page 320, onwards.
Hope that helps you.
________________________________
De: Saurabh Ohri [mailto:sam_ohri@yahoo.co.in]
Enviada: quinta-feira, 6 de Março de 2014 10:17
Para: Rodrigo Coutinho
Cc: <openldap-technical(a)openldap.org>
Assunto: Re: ppolicy not
verifying password length (not active !!)
Could you please share the steps with commands. This probably will help
me.
Regards
Sam
Sent from my iPhone
On 6 Mar 2014, at 4:40 pm, Rodrigo Coutinho <Rodrigo.Coutinho(a)ifap.pt wrote:
Hi again,
I did create another user, gave it the proper permissions via ACL, and it worked, the
policy was enforced when I tried to change another user's password.
Still in shock though, that the root user can mess up the other users data.
Regards
________________________________
De: saurabh ohri [mailto:sam_ohri@yahoo.co.in]
Enviada: quinta-feira, 6 de Março de 2014 04:06
Para: Michael Ströder; openldap-technical(a)openldap.org; Rodrigo Coutinho
Assunto: Re: ppolicy not verifying password length (not active !!)
I Also stuck in this issue. My password policy was not working on openldap 2.4.23 so
someone suggested me to upgrade as this is the older version. So i upgraded it to 2.4.39
but struggling to get SSL work for openssl.
really shock to see that there is no proper document for the installation and
configuration. 2.4.39 have to be configured from source and not rpm so facing hell lot of
issue.
Regards
Sam
On Wednesday, 5 March 2014 8:31 PM, Michael Ströder <michael(a)stroeder.com> wrote:
On Wed, 5 Mar 2014 11:33:51 +0000 Rodrigo Coutinho <Rodrigo.Coutinho(a)ifap.pt>
wrote
Should one create another user with administrative
privileges and use it to
Ok, thank you for the information, but I
must confess that I
am a bit
shocked, as that implies I can
have a directory full of non
compliant
passwords.
So, that begs the question: How do we
prevent this ? What is the
normal/standard way
?
Mantra to be repeated thousands of
times:
Never use rootdn to bind.
change passwords when needed ?
Yes.
Ciao, Michael.
________________________________
A transmissão de mensagens por e-mail não é absolutamente segura ou livre de erros. A
mensagem pode ser intercetada, alterada, perdida, destruída, chegar ao destinatário com
atraso, ou mesmo com vírus, não obstante o IFAP utilizar software anti-vírus.
Esta mensagem, incluindo eventuais ficheiros anexos,
pode conter informação confidencial ou privilegiada e destina-se a uso
exclusivo dos seus destinatários. Se não for o destinatário pretendido,
informamos que a recebeu por engano, pelo que, qualquer utilização,
distribuição, reencaminhamento ou outra forma de revelação a terceiros,
impressão ou cópia são expressamente proibidos. Se recebeu esta mensagem por
engano, por favor contacte imediatamente o remetente por e-mail, e apague de
imediato a mensagem do seu sistema informático.
O IFAP declina qualquer
responsabilidade por erros ou omissões na presente mensagem e eventuais
consequências, que resultem das situações referidas.
________________________________
A transmissão de mensagens por e-mail não é absolutamente segura ou livre de erros. A
mensagem pode ser intercetada, alterada, perdida, destruída, chegar ao destinatário com
atraso, ou mesmo com vírus, não obstante o IFAP utilizar software anti-vírus.
Esta mensagem, incluindo eventuais ficheiros anexos, pode conter informação confidencial
ou privilegiada e destina-se a uso exclusivo dos seus destinatários. Se não for o
destinatário pretendido, informamos que a recebeu por engano, pelo que, qualquer
utilização, distribuição, reencaminhamento ou outra forma de revelação a terceiros,
impressão ou cópia são expressamente proibidos. Se recebeu esta mensagem por engano, por
favor contacte imediatamente o remetente por e-mail, e apague de imediato a mensagem do
seu sistema informático.
O IFAP declina qualquer responsabilidade por erros ou omissões na presente mensagem e
eventuais consequências, que resultem das situações referidas.
2:26 a.m.
On 06.03.2014 09:40, Rodrigo Coutinho wrote:
Still in shock though, that the root user can mess up the other users
data.
This I find strange. "Root" or "the superuser" or whatever having full
access it the norm in many systems, like Unix, and is for "special use"
by qualified personnel only.
My understanding at least is that the rootdn account, (don't confuse it
with the unix root account, we're talking about the special rootdn
account with total control of the OpenLDAP server only), is there so you
can use it while setting up the system since there is no LDAP user to
use, and no access rights to give, before you have created it.
Then, when you have set up the LDAP server database and a user with
sufficient access right, you should disable the rootdn user.
But there are many guides out there in google-land (and maybe in
openldap.org too) that might confuse people. The rootdn account is a
special "virtual" account. It doesn't even exist in the LDAP data tree
(though you can duplicate it). Actually, I usually set its name to the
same as the suffix since I find that making it clearer that it is not a
real user account than if you use the common rootdn
"cn=Manager,dc=<MY-DOMAIN>,dc=<COM>".
---
This email is free from viruses and malware because avast! Antivirus protection is
active.
http://www.avast.com
8:18 a.m.
On 06-03-14 05:06, saurabh ohri wrote:
[snip]
really shock to see that there is no proper document for the
Documentation like the Admin Guide, the man pages and the FAQ are all
easily available on openldap.org:
http://www.openldap.org/doc/
http://www.openldap.org/software/man.cgi
http://www.openldap.org/faq/data/cache/1.html
installation and configuration. 2.4.39 have to be configured from
source
and not rpm so facing hell lot of issue.
Installation instructions are in the OpenLDAP source INSTALL file:
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=INSTALL;...
If you need RPMs, did you Google or search the list archives where it's
mentioned many times?
The LTB Project maintains OpenLDAP RPM packages:
http://tools.ltb-project.org/news/46
And Symas provides OpenLDAP RPM packages and services for the
Enterprise: https://symas.com/products/symas-openldap-directory/
Cheers,
Patrick
12:22 a.m.
Thanks Patrick. It helped me to very much extend but again getting stuck in pushing
password policy on openldap. I got stuck in 2.4.23 and upgraded to 2.4.39. But still it
is an issue.
test 1: Changing the password of user without meeting pwdMinLength attribute. But test got
failed.
ldappasswd -x -W -D "cn=Manager,dc=example,dc=com" -H
ldaps://xxx-xxx-xxx.example.com -s new -a Welcome123
"uid=tuser,ou=Users,dc=example,dc=com"
Enter LDAP Password:
[root@xxx-xxx-xxx openldap]#
Ploicy is as follow:
# Policies, j.cinglevue.com
dn: ou=Policies,dc=j,dc=cinglevue,dc=com
ou: Policies
description: Directory policies.
objectClass: organizationalUnit
# Standard, Policies, j.cinglevue.com
dn: cn=Standard,ou=Policies,dc=j,dc=cinglevue,dc=com
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: Standard
pwdAttribute: userPassword
pwdMaxAge: 2592000
pwdCheckQuality: 1
pwdMinLength: 8
pwdExpireWarning: 432000
pwdGraceAuthNLimit: 3
pwdLockout: TRUE
pwdLockoutDuration: 1800
pwdMaxFailure: 3
pwdFailureCountInterval: 0
pwdMustChange: TRUE
pwdAllowUserChange: TRUE
pwdSafeModify: TRUE
Not able to found ppolicy.la in my system but copied the same from previous version. Hope
that id not effecting.
Regards
sam
On Friday, 7 March 2014 12:48 AM, Patrick Laimbock <patrick(a)laimbock.com> wrote:
On 06-03-14 05:06, saurabh ohri wrote:
[snip]
really shock to see that there is no proper document for the
Documentation like the Admin Guide, the man pages and the FAQ are all
easily available on openldap.org:
http://www.openldap.org/doc/
http://www.openldap.org/software/man.cgi
http://www.openldap.org/faq/data/cache/1.html
installation and configuration. 2.4.39 have to be configured from
source
and not rpm so facing hell lot of issue.
Installation instructions are in the OpenLDAP source INSTALL file:
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=INSTALL;...
If you need RPMs, did you Google or search the list archives where it's
mentioned many times?
The LTB Project maintains OpenLDAP RPM packages:
http://tools.ltb-project.org/news/46
And Symas provides OpenLDAP RPM packages and services for the
Enterprise: https://symas.com/products/symas-openldap-directory/
Cheers,
Patrick
9:30 a.m.
--On Monday, March 10, 2014 4:22 PM +0800 saurabh ohri
<sam_ohri(a)yahoo.co.in> wrote:
Thanks Patrick. It helped me to very much extend but again getting stuck
in pushing password policy on openldap. I got stuck in 2.4.23 and
upgraded to 2.4.39. But still it is an issue.
Not able to found ppolicy.la in my system but copied the same from
previous version. Hope that id not effecting.
That is not ok. You need to build ppolicy with your 2.4.39 build, and use
that verison of the module.
--Quanah
--
Quanah Gibson-Mount
Architect - Server
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
6:40 p.m.
Thanks Quanah for the reply. Does that mean that i need to rebuild the openldap server or
just download the ppolicy.la for 2.4.39 version. I
installed openldap-ltb-2.4.39-2.el6.x86_64 on rhel6.5.
Please suggest.
Regards
Saurabh
9818925959
On Tuesday, 11 March 2014 12:59 AM, Quanah Gibson-Mount <quanah(a)zimbra.com> wrote:
--On Monday, March 10, 2014 4:22 PM +0800 saurabh ohri
<sam_ohri(a)yahoo.co.in> wrote:
Thanks Patrick. It helped me to very much extend but again getting stuck
in pushing password policy on openldap. I got stuck in 2.4.23 and
upgraded to 2.4.39. But still it is an issue.
Not able to found ppolicy.la in my system but copied the same from
previous version. Hope that id not effecting.
That is not ok. You need to build ppolicy with your 2.4.39 build, and use
that verison of the module.
--Quanah
--
Quanah Gibson-Mount
Architect - Server
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
9:46 p.m.
Hi Quanah/Patrick/All,
Regards
Saurabh
9818925959
On Tuesday, 11 March 2014 9:40 AM, saurabh ohri <sam_ohri(a)yahoo.co.in> wrote:
Thanks Quanah for the reply. Does that mean that i need to rebuild the openldap server or
just download the ppolicy.la for 2.4.39 version. I
installed openldap-ltb-2.4.39-2.el6.x86_64 on rhel6.5.
Please suggest.
Regards
Saurabh
9818925959
On Tuesday, 11 March 2014 12:59 AM, Quanah Gibson-Mount <quanah(a)zimbra.com> wrote:
--On Monday, March 10, 2014 4:22 PM +0800 saurabh ohri
<sam_ohri(a)yahoo.co.in> wrote:
Thanks Patrick. It helped me to very much extend but again getting stuck
in pushing password policy on openldap. I got stuck in 2.4.23 and
upgraded to 2.4.39. But still it is an issue.
Not able to found ppolicy.la in my system but copied the same from
previous
version. Hope that id not effecting.
That is not ok. You need to build ppolicy with your 2.4.39 build, and use
that verison of the module.
--Quanah
--
Quanah Gibson-Mount
Architect - Server
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
9:49 p.m.
Hi quanah/Patrick,
I installed openldap ltb project on a new server as mentioned and following are the list
of packages which are currently present but still cannot see ppolicy.la in my system,
[root@xxx-xxx-xxx ~]# rpm -qa|grep openldap
openldap-ltb-debuginfo-2.4.39-2.el6.x86_64
openldap-clients-2.4.23-34.el6_5.1.x86_64
openldap-2.4.23-34.el6_5.1.x86_64
openldap-ltb-check-password-1.1-8.el6.x86_64
openldap-ltb-2.4.39-2.el6.x86_64
openldap-ltb-contrib-overlays-2.4.39-2.el6.x86_64
Please suggest. Is that i am doing something wrong?
Regards
Sam
On Tuesday, 11 March 2014 10:07 AM, saurabh ohri <sam_ohri(a)yahoo.co.in> wrote:
Thanks Quanah for the reply. Does that mean that i need to rebuild the openldap server or
just download the ppolicy.la for 2.4.39 version. I
installed openldap-ltb-2.4.39-2.el6.x86_64 on rhel6.5.
Please suggest.
Regards
Saurabh
9818925959
On Tuesday, 11 March 2014 12:59 AM, Quanah Gibson-Mount <quanah(a)zimbra.com> wrote:
--On Monday, March 10, 2014 4:22 PM +0800 saurabh ohri
<sam_ohri(a)yahoo.co.in> wrote:
Thanks Patrick. It helped me to very much extend but again getting stuck
in pushing password policy on openldap. I got stuck in 2.4.23 and
upgraded to 2.4.39. But still it is an issue.
Not able to found ppolicy.la in my system but copied the same from
previous
version. Hope that id not effecting.
That is not ok. You need to build ppolicy with your 2.4.39 build, and use
that verison of the module.
--Quanah
--
Quanah Gibson-Mount
Architect - Server
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
3552
days inactive
3558
days old
openldap-technical@openldap.org
20 comments
8 participants
participants (8)
-
Clément OUDOT -
Michael Ströder -
Patrick Laimbock -
Quanah Gibson-Mount -
Rodrigo Coutinho -
saurabh ohri -
Saurabh Ohri
-
Terje Trane