Hello all,
I'm trying to add a default password policy to my directory. I have set the following parameters in slapd.conf:
----
include /etc/ldap/schema/ppolicy.schema
[...]
moduleload ppolicy
[...]
backend hdb
database hdb
suffix "dc=example,dc=net"
[...]
# Password policy
overlay ppolicy
ppolicy_default "cn=defaultpwpolicy,ou=policies,dc=example,dc=net"
----
I have created the OU 'policies' just fine, but when I try to add a pwdPolicy object, I get the following error:
----
# ldapadd -x -D cn=admin,dc=example,dc=net -W << EOF
dn: cn=defaultpwpolicy,ou=policies,dc=example,dc=net
objectClass: pwdPolicy
objectClass: top
pwdAttribute: userPassword
pwdAllowUserChange: TRUE
pwdInHistory: 2
pwdMaxFailure: 10
pwdLockout: TRUE
pwdLockoutDuration: 1800
pwdMinLength: 6
EOF
Enter LDAP Password:
adding new entry "cn=defaultpwpolicy,ou=policies,dc=example,dc=net"
ldap_add: Invalid syntax (21)
        additional info: objectClass: value #0 invalid per syntax
----
The schema is properly loaded, the ppolicy.so module is in the path (i.e., /usr/lib/ldap on Debian). So, I'm out of ideas. Anything I've missed here?
Thanks for your help, Julien
On 13.09.2010 10:30, Julien Vehent wrote:
Hello all,
I'm trying to add a default password policy to my directory. I have set the following parameters in slapd.conf:
include /etc/ldap/schema/ppolicy.schema
[...]
moduleload ppolicy
[...]
backend hdb
database hdb
suffix "dc=example,dc=net"
[...]
# Password policy
overlay ppolicy
ppolicy_default "cn=defaultpwpolicy,ou=policies,dc=example,dc=net"
I have created the OU 'policies' just fine, but when I try to add a pwdPolicy object, I get the following error:
# ldapadd -x -D cn=admin,dc=example,dc=net -W << EOF
dn: cn=defaultpwpolicy,ou=policies,dc=example,dc=net
objectClass: pwdPolicy
objectClass: top
pwdAttribute: userPassword
pwdAllowUserChange: TRUE
pwdInHistory: 2
pwdMaxFailure: 10
pwdLockout: TRUE
pwdLockoutDuration: 1800
pwdMinLength: 6
EOF
Enter LDAP Password:
adding new entry "cn=defaultpwpolicy,ou=policies,dc=example,dc=net"
ldap_add: Invalid syntax (21)
        additional info: objectClass: value #0 invalid per syntax
The schema is properly loaded, the ppolicy.so module is in the path (i.e., /usr/lib/ldap on Debian). So, I'm out of ideas. Anything I've missed here?
Thanks for your help, Julien
Hi,
pwdPolicy is an auxiliary objectClass. You have to use it in conjunction with a structural objectClass. Look at the example from the admin guide:
http://www.openldap.org/doc/admin24/overlays.html#Password%20Policies
Regards, Christian Manal
On Mon, 13 Sep 2010 10:52:03 +0200, Christian Manal moenoel@informatik.uni-bremen.de wrote:
Hi,
pwdPolicy is an auxiliary objectClass. You have to use it in conjunction with a structural objectClass. Look at the example from the admin guide:
http://www.openldap.org/doc/admin24/overlays.html#Password%20Policies
Hi
I've tried to add the 'person' object (core.schema is loaded), but I still obtain the same error
----
# ldapadd -x -D cn=admin,dc=example,dc=net -W << EOF
dn: cn=defaultpwpolicy,ou=policies,dc=example,dc=net
cn: defaultpwpolicy
sn: Default Password Policy
objectClass: pwdPolicy
objectClass: top
objectClass: person
pwdAttribute: userPassword
pwdAllowUserChange: TRUE
pwdInHistory: 2
pwdMaxFailure: 10
pwdLockout: TRUE
pwdLockoutDuration: 1800
pwdMinLength: 6
EOF
Enter LDAP Password:
adding new entry "cn=defaultpwpolicy,ou=policies,dc=example,dc=net"
ldap_add: Invalid syntax (21)
        additional info: objectClass: value #0 invalid per syntax
----
Julien
On Mon, 13 Sep 2010 10:52:03 +0200, Christian Manal moenoel@informatik.uni-bremen.de wrote:
Hi,
pwdPolicy is an auxiliary objectClass. You have to use it in conjunction with a structural objectClass. Look at the example from the admin guide:
http://www.openldap.org/doc/admin24/overlays.html#Password%20Policies
Hi
I've tried to add the 'person' object (core.schema is loaded), but I still obtain the same error
Also include the schema:
include /opt/symas/etc/openldap/schema/ppolicy.schema
in slapd.conf.
On Mon, 13 Sep 2010 11:34:56 +0200, Emmanuel Lecharny elecharny@gmail.com wrote:
On Mon, 13 Sep 2010 10:52:03 +0200, Christian Manal moenoel@informatik.uni-bremen.de wrote:
Hi,
pwdPolicy is an auxiliary objectClass. You have to use it in conjunction with a structural objectClass. Look at the example from the admin guide:
http://www.openldap.org/doc/admin24/overlays.html#Password%20Policies
Hi
I've tried to add the 'person' object (core.schema is loaded), but I still obtain the same error
Also include the schema:
include /opt/symas/etc/openldap/schema/ppolicy.schema
in slapd.conf.
Hi,
From my first email, ppolicy.schema is included:
--- include /etc/ldap/schema/ppolicy.schema ---
Julien
On Mon, 13 Sep 2010 11:34:56 +0200, Emmanuel Lecharny elecharny@gmail.com wrote:
On Mon, 13 Sep 2010 10:52:03 +0200, Christian Manal moenoel@informatik.uni-bremen.de wrote:
Hi,
pwdPolicy is an auxiliary objectClass. You have to use it in conjunction with a structural objectClass. Look at the example from the admin guide:
http://www.openldap.org/doc/admin24/overlays.html#Password%20Policies
Hi
I've tried to add the 'person' object (core.schema is loaded), but I still obtain the same error
Also include the schema:
include /opt/symas/etc/openldap/schema/ppolicy.schema
in slapd.conf.
Hi,
From my first email, ppolicy.schema is included:
include /etc/ldap/schema/ppolicy.schema
Uhhh.. My bad.
Check that you don't have extra space/tabs at the end of the ObjectClass attributeType in your LDIF file.
Which version of OpenLDAP are you using?
On Mon, 13 Sep 2010 13:12:15 +0200, Emmanuel Lecharny elecharny@gmail.com wrote:
On Mon, 13 Sep 2010 11:34:56 +0200, Emmanuel Lecharny elecharny@gmail.com wrote:
On Mon, 13 Sep 2010 10:52:03 +0200, Christian Manal moenoel@informatik.uni-bremen.de wrote:
Hi,
pwdPolicy is an auxiliary objectClass. You have to use it in conjunction with a structural objectClass. Look at the example from the admin guide:
http://www.openldap.org/doc/admin24/overlays.html#Password%20Policies
Hi
I've tried to add the 'person' object (core.schema is loaded), but I still obtain the same error
Also include the schema:
include /opt/symas/etc/openldap/schema/ppolicy.schema
in slapd.conf.
Hi,
From my first email, ppolicy.schema is included:
include /etc/ldap/schema/ppolicy.schema
Uhhh.. My bad.
Check that you don't have extra space/tabs at the end of the ObjectClass attributeType in your LDIF file.
Which version of OpenLDAP are you using?
# slapd -V
@(#) $OpenLDAP: slapd 2.4.23 (Aug 26 2010 18:33:04) $
        root@monster:/tmp/buildd/openldap-2.4.23/debian/build/servers/slapd
It's not a space/tab problem, and I've tried to put the request in an LDIF file and insert it, with the same result. It's definitely a constraint that's not satisfied... but which one??
Julien
On Mon, Sep 13, 2010 at 5:07 PM, Julien Vehent julien@linuxwall.info wrote:
On Mon, 13 Sep 2010 13:12:15 +0200, Emmanuel Lecharny elecharny@gmail.com wrote:
On Mon, 13 Sep 2010 11:34:56 +0200, Emmanuel Lecharny elecharny@gmail.com wrote:
On Mon, 13 Sep 2010 10:52:03 +0200, Christian Manal moenoel@informatik.uni-bremen.de wrote:
Hi,
pwdPolicy is an auxiliary objectClass. You have to use it in conjunction with a structural objectClass. Look at the example from the admin guide:
http://www.openldap.org/doc/admin24/overlays.html#Password%20Policies
Hi
I've tried to add the 'person' object (core.schema is loaded), but I still obtain the same error
Also include the schema:
include /opt/symas/etc/openldap/schema/ppolicy.schema
in slapd.conf.
Hi,
From my first email, ppolicy.schema is included:
include /etc/ldap/schema/ppolicy.schema
Uhhh.. My bad.
Check that you don't have extra space/tabs at the end of the ObjectClass attributeType in your LDIF file.
Which version of OpenLDAP are you using?
# slapd -V
@(#) $OpenLDAP: slapd 2.4.23 (Aug 26 2010 18:33:04) $
        root@monster:/tmp/buildd/openldap-2.4.23/debian/build/servers/slapd
It's not a space/tab problem, and I've tried to put the request in an LDIF file and insert it, with the same result. It's definitely a constraint that's not satisfied... but which one??
I think it is reproducible, because I got the same error when I followed the above steps: 'error code 21 - pwdAttribute: value #0 invalid per syntax'
I have built OpenLDAP version 2.4.23 on Ubuntu 9.04 with berkeley db version 4.7.25
Kiran Ayyagari
On Monday, 13 September 2010 09:30:14 Julien Vehent wrote:
I have created the OU 'policies' just fine, but when I try to add a pwdPolicy object, I get the following error:
(the <<EOF isn't necessary; if you don't specify an input file, ldapadd etc. will use stdin by default, just use CTRL-D to terminate the input in place of the EOF)
# ldapadd -x -D cn=admin,dc=example,dc=net -W << EOF
dn: cn=defaultpwpolicy,ou=policies,dc=example,dc=net
objectClass: pwdPolicy
objectClass: top
pwdAttribute: userPassword
pwdAllowUserChange: TRUE
pwdInHistory: 2
pwdMaxFailure: 10
pwdLockout: TRUE
pwdLockoutDuration: 1800
pwdMinLength: 6
EOF
Enter LDAP Password:
adding new entry "cn=defaultpwpolicy,ou=policies,dc=example,dc=net"
ldap_add: Invalid syntax (21)
        additional info: objectClass: value #0 invalid per syntax
Are you sure that you don't have any invalid characters on the: objectClass: pwdPolicy line? For example, trailing white space is often a cause of this problem. You may want to use an LDIF file, and attach it to any reply (as trailing space is easily missed if copying/pasting text into the stdin of ldapadd and/or email client).
(Your LDIF above does still need a suitable structural objectclass, but it is not the cause of the error message above.)
Regards, Buchan
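A pre-flight check for the two LDIF problems raised in the replies above (trailing or invalid characters on an objectClass line, and an entry that carries only auxiliary and abstract classes), added here as an example and not part of the original thread. The `CLASS_KIND` table, the `lint_ldif` function and the shortened `FIRST_TRY` sample are assumptions made for the illustration.

```python
import re

# Assumption: objectClass kinds for the classes seen in this thread only; a real
# check would read them from the server's subschema entry.
CLASS_KIND = {"top": "abstract", "person": "structural",
              "organizationalunit": "structural", "pwdpolicy": "auxiliary"}
NAME_OR_OID = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)$")

# Constructed sample: the first LDIF from the thread, shortened.
FIRST_TRY = """dn: cn=defaultpwpolicy,ou=policies,dc=example,dc=net
objectClass: pwdPolicy
objectClass: top
pwdAttribute: userPassword
"""


def lint_ldif(text):
    """Return (line_number, message) findings for an LDIF file of entries to add."""
    findings, dn_line, kinds = [], None, []

    def close_entry():
        # Flag only when every class is known and none of them is structural.
        if dn_line is not None and kinds and not {"structural", "unknown"} & set(kinds):
            findings.append((dn_line, "entry has no structural objectClass"))

    for no, line in enumerate(text.split("\n"), start=1):
        if not line.strip():                     # blank line ends the entry
            close_entry()
            dn_line, kinds = None, []
            continue
        if line[0] in "# ":                      # comment or folded continuation
            continue
        stripped = line.rstrip()                 # also strips tabs, CR and U+00A0
        if stripped != line:
            findings.append((no, "trailing whitespace %r" % line[len(stripped):]))
        attr, _, value = stripped.partition(":")
        value = value.lstrip(" ")
        if attr.lower() == "dn":
            dn_line = no
        elif attr.lower() == "objectclass":
            if not NAME_OR_OID.match(value):
                findings.append((no, "invalid objectClass value %r" % value))
            kinds.append(CLASS_KIND.get(value.lower(), "unknown"))
    close_entry()
    return findings


if __name__ == "__main__":
    for finding in lint_ldif(FIRST_TRY.replace("pwdPolicy\n", "pwdPolicy \n")):
        print(finding)
```

A clean result only rules out these two LDIF-side causes; it says nothing about the server's loaded schema or overlay configuration.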
On 9/16/10 12:12 PM, Buchan Milne wrote:
On Monday, 13 September 2010 09:30:14 Julien Vehent wrote:
I have created the OU 'policies' just fine, but when I try to add a pwdPolicy object, I get the following error:
(the <<EOF isn't necessary; if you don't specify an input file, ldapadd etc. will use stdin by default, just use CTRL-D to terminate the input in place of the EOF)
# ldapadd -x -D cn=admin,dc=example,dc=net -W << EOF
dn: cn=defaultpwpolicy,ou=policies,dc=example,dc=net
objectClass: pwdPolicy
objectClass: top
pwdAttribute: userPassword
pwdAllowUserChange: TRUE
pwdInHistory: 2
pwdMaxFailure: 10
pwdLockout: TRUE
pwdLockoutDuration: 1800
pwdMinLength: 6
EOF
Enter LDAP Password:
adding new entry "cn=defaultpwpolicy,ou=policies,dc=example,dc=net"
ldap_add: Invalid syntax (21)
        additional info: objectClass: value #0 invalid per syntax
Are you sure that you don't have any invalid characters on the: objectClass: pwdPolicy line? For example, trailing white space is often a cause of this problem. You may want to use an LDIF file, and attach it to any reply (as trailing space is easily missed if copying/pasting text into the stdin of ldapadd and/or email client).
(your ldif above does still need a suitable structural objectclass, but it is not the cause of the error message above).
FYI, Kiran Ayyagari was able to reproduce the same issue using Apache Directory Studio, ie the problem is not in the LDIF file...
openldap-technical@openldap.org