Hello,
OpenLDAP version: 2.3.43-12 (CentOS 5.5), 64-bit.
In order to enable ppolicy overlay, I am trying to create the relevant entries, as specified in
http://www.openldap.org/doc/admin24/overlays.html#Password%20Policies
I import two LDIFs, first:
dn: ou=Policies,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Policies
and second
dn: cn=default,ou=Policies,dc=example,dc=com
cn: default
objectClass: top
objectClass: pwdPolicy
objectClass: person
pwdAllowUserChange: TRUE
pwdAttribute: userPassword
pwdCheckQuality: 2
pwdExpireWarning: 600
pwdFailureCountInterval: 30
pwdGraceAuthNLimit: 2
pwdInHistory: 5
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdMaxAge: 7776000
pwdMaxFailure: 5
pwdMinAge: 0
pwdMinLength: 5
pwdMustChange: FALSE
pwdSafeModify: FALSE
sn: dummy value
The first loads OK. When I try to import the second, I receive this diagnostic:
Could not add object cn=default,ou=Policies,dc=itelsib,dc=com
Message: Invalid syntax
Error code: 0x15 (LDAP_INVALID_SYNTAX)
Error description: An invalid attribute value was specified.
Could someone suggest what's wrong with the attribute name?
the ppolicy.schema is specified in /etc/slapd.conf.
Thanks. Sincerely, Konstantin
--On January 13, 2011 11:42:29 AM +0600 Konstantin Boyandin temmokan@gmail.com wrote:
Hello,
OpenLDAP version: 2.3.43-12 (CentOS 5.5), 64-bit.
In order to enable ppolicy overlay, I am trying to create the relevant entries, as specified in
http://www.openldap.org/doc/admin24/overlays.html#Password%20Policies
I would suggest you compare the version you are running (2.3) with the version that the document you are reading uses (2.4). There is an obvious difference there, and it is a major one. I suggest you run a current supported release of OpenLDAP that matches the documentation you are using.
--Quanah
13.01.2011 11:55, Quanah Gibson-Mount wrote:
--On January 13, 2011 11:42:29 AM +0600 Konstantin Boyandin temmokan@gmail.com wrote:
Hello,
OpenLDAP version: 2.3.43-12 (CentOS 5.5), 64-bit.
In order to enable ppolicy overlay, I am trying to create the relevant entries, as specified in
http://www.openldap.org/doc/admin24/overlays.html#Password%20Policies
I would suggest you compare the version you are running (2.3) with the version that the document you are reading uses (2.4). There is an obvious difference there, and it is a major one. I suggest you run a current supported release of OpenLDAP that matches the documentation you are using.
Thanks. I opened the 2.3 admin link instead: http://www.openldap.org/doc/admin23/ and it has no overlays section at all. That's weird, since I am using the replication feature and there's a directive
overlay syncprov
in /etc/openldap/slapd.conf
How can I find the reasons for 'Invalid syntax' error in such a situation? Thanks.
That appears to be the point.
See: http://www.openldap.org/software/man.cgi?query=ppolicy&apropos=0&sek... ... No results.
Also look for the ppolicy in: http://www.openldap.org/doc/admin23/schema.html#Distributed%20Schema%20Files ... It's not there.
Where did you get the schema and the libraries necessary?
FWIW: the password policy and MUCH more reliable syncing between servers is why we upgraded in my shop (turned off the old 2.3 master last week after finally overcoming last hurdles: solaris and use by other custom systems.)
- chris
Chris Jacobs, Systems Administrator Apollo Group | Apollo Marketing | Aptimus 2001 6th Ave Ste 3200 | Seattle, WA 98121 phone: 206.839-8245 | cell: 206.601.3256 | Fax: 208.441.9661 email: chris.jacobs@apollogrp.edu
----- Original Message -----
From: openldap-technical-bounces@OpenLDAP.org
To: Quanah Gibson-Mount quanah@zimbra.com
Cc: openldap-technical@openldap.org
Sent: Wed Jan 12 23:38:54 2011
Subject: Re: Problems importing ppolicy LDIF: LDAP_INVALID_SYNTAX
This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.
13.01.2011 12:59, Chris Jacobs wrote:
That appears to be the point.
See: http://www.openldap.org/software/man.cgi?query=ppolicy&apropos=0&sek... ... No results.
Also look for the ppolicy in: http://www.openldap.org/doc/admin23/schema.html#Distributed%20Schema%20Files ... It's not there.
Where did you get the schema and the libraries necessary?
The ppolicy schema is provided by openldap-servers-2.3.43-12.el5_5.3.x86_64 RPM.
The overlays are provided by openldap-servers-overlays-2.3.43-12.el5_5.3 RPM.
The directives
modulepath /usr/lib64/openldap
moduleload ppolicy.la
overlay ppolicy
ppolicy_default "cn=default,ou=Policies,dc=example,dc=com"
do not cause slaptest's protests.
FWIW: the password policy and MUCH more reliable syncing between servers is why we upgraded in my shop (turned off the old 2.3 master last week after finally overcoming last hurdles: solaris and use by other custom systems.)
The 2.3.* is the current version available from CentOS standard repositories.
Switching to 2.4.* (welcome, endless sequences of configure/make/make install) will only be the last resort if anything else fails. So far, the mentioned OpenLDAP works fine on both master and slave servers.
So, returning to the original question, is it possible to find why adding a dn fails? What's wrong with the syntax?
Sincerely, Konstantin
Perhaps try man slapo_ppolicy - it should hopefully provide the limits and acceptable values and compare with your ldif to find the cause of "Error description: An invalid attribute value was specified."
Alternative: reduce the number of attributes (divide and conquer) to find the culprit.
Perhaps also checking the schema file for the limits or acceptable values.
- chris
Chris Jacobs wrote:
Perhaps try man slapo_ppolicy
The man page name is slapo-ppolicy(5).
- it should hopefully provide the limits and acceptable values and compare with your ldif to find the cause of "Error description: An invalid attribute value was specified."
Alternative: reduce the number of attributes (divide and conquer) to find the culprit.
Perhaps also checking the schema file for the limits or acceptable values.
Or check the archives, e.g. http://www.openldap.org/lists/openldap-software/200802/msg00337.html: for some time, in OpenLDAP 2.3, the pwdAttribute could only contain OIDs.
p.
13.01.2011 14:16, Pierangelo Masarati writes:
Chris Jacobs wrote:
Perhaps try man slapo_ppolicy
The man page name is slapo-ppolicy(5).
- it should hopefully provide the limits and acceptable values and compare with your ldif to find the cause of "Error description: An invalid attribute value was specified."
Alternative: reduce the number of attributes (divide and conquer) to find the culprit.
Perhaps also checking the schema file for the limits or acceptable values.
Or check the archives, e.g. http://www.openldap.org/lists/openldap-software/200802/msg00337.html: for some time, in OpenLDAP 2.3, the pwdAttribute could only contain OIDs.
Thank you very much! After I changed the string to
pwdAttribute: 2.5.4.35
the import was a success. This problem's solved. So reading Web *can* be of more use than reading man pages only.
Sincerely, Konstantin
Konstantin Boyandin wrote:
Or check the archives, e.g. http://www.openldap.org/lists/openldap-software/200802/msg00337.html: for some time, in OpenLDAP 2.3, the pwdAttribute could only contain OIDs.
Thank you very much! After I changed the string to
pwdAttribute: 2.5.4.35
the import was a success. This problem's solved. So reading Web *can* be of more use than reading man pages only.
The archives of the OpenLDAP project are indeed part of the web. In order to get valuable information you need to be able to dig it out from tons of s**t, though.
p.
Pierangelo Masarati wrote:
Konstantin Boyandin wrote:
Or check the archives, e.g. http://www.openldap.org/lists/openldap-software/200802/msg00337.html: for some time, in OpenLDAP 2.3, the pwdAttribute could only contain OIDs.
Thank you very much! After I changed the string to
pwdAttribute: 2.5.4.35
the import was a success. This problem's solved. So reading Web *can* be of more use than reading man pages only.
The archives of the OpenLDAP project are indeed part of the web. In order to get valuable information you need to be able to dig it out from tons of s**t, though.
Indeed. In fact Dieter's answer was already 3 years out of date when he posted it. The issue in question is ITS#4025 which was fixed in September 2005 and released in OpenLDAP 2.3.8.
Pierangelo Masarati wrote:
Chris Jacobs wrote:
Perhaps try man slapo_ppolicy
The man page name is slapo-ppolicy(5).
- it should hopefully provide the limits and acceptable values and compare with your ldif to find the cause of "Error description: An invalid attribute value was specified."
Alternative: reduce the number of attributes (divide and conquer) to find the culprit.
Perhaps also checking the schema file for the limits or acceptable values.
Or check the archives, e.g. http://www.openldap.org/lists/openldap-software/200802/msg00337.html: for some time, in OpenLDAP 2.3, the pwdAttribute could only contain OIDs.
That issue was fixed long before 2.3.43, which he says he is running.
Chris Jacobs wrote:
That appears to be the point.
See: http://www.openldap.org/software/man.cgi?query=ppolicy&apropos=0&sek... ... No results.
Sounds like the search index is out of date. Still, all you have to do is go here
http://www.openldap.org/software/man.cgi?query=(5)&sektion=&apropos=...
and the manpage is there:
http://www.openldap.org/software/man.cgi?query=slapo-ppolicy&sektion=5&a...
But better yet, just type "man 5 slapo-ppolicy" on your machine. Why people waste time searching the web when everything is on their local machine still boggles my mind.
Also look for the ppolicy in: http://www.openldap.org/doc/admin23/schema.html#Distributed%20Schema%20Files ... It's not there.
The Admin Guide was never intended to be an exhaustive reference - it is after all only a "guide". Every software component is documented in manpages. The manpages should always be the first place you look, not the Guide, and not the web.
Konstantin Boyandin wrote:
Hello,
OpenLDAP version: 2.3.43-12 (CentOS 5.5), 64-bit.
In order to enable ppolicy overlay, I am trying to create the relevant entries, as specified in
http://www.openldap.org/doc/admin24/overlays.html#Password%20Policies
I import two LDIFs, first:
dn: ou=Policies,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Policies
and second
dn: cn=default,ou=Policies,dc=example,dc=com
cn: default
objectClass: top
objectClass: pwdPolicy
objectClass: person
pwdAllowUserChange: TRUE
pwdAttribute: userPassword
pwdCheckQuality: 2
pwdExpireWarning: 600
pwdFailureCountInterval: 30
pwdGraceAuthNLimit: 2
pwdInHistory: 5
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdMaxAge: 7776000
pwdMaxFailure: 5
pwdMinAge: 0
pwdMinLength: 5
pwdMustChange: FALSE
pwdSafeModify: FALSE
sn: dummy value
The first loads OK. When I try to import the second, I receive this diagnostic:
Could not add object cn=default,ou=Policies,dc=itelsib,dc=com
Message: Invalid syntax
Error code: 0x15 (LDAP_INVALID_SYNTAX)
Error description: An invalid attribute value was specified.
Could someone suggest what's wrong with the attribute name?
OpenLDAP never produces the text you provided above. It seems you're using some other LDAP tool to do this import, and it is not showing you the actual error message sent from the server. OpenLDAP slapd will always identify the actual attribute and value that causes an error. I suggest you try importing this entry with OpenLDAP's ldapadd and examine the error message from there.
13.01.2011 13:39, Howard Chu writes:
OpenLDAP never produces the text you provided above. It seems you're using some other LDAP tool to do this import, and it is not showing you the actual error message sent from the server. OpenLDAP slapd will always identify the actual attribute and value that causes an error. I suggest you try importing this entry with OpenLDAP's ldapadd and examine the error message from there.
I tried importing with slapadd. The output:
str2entry: invalid value for attributeType pwdAttribute #0 (syntax 1.3.6.1.4.1.1466.115.121.1.38)
slapadd: could not parse entry (line=22)
The error above refers to the allowed value of pwdAttribute, which can only be userPassword now.
The problem is the value for this attribute in LDIF *is* userPassword, as in the cited sample. I checked the LDIF - no 'invisible' characters around the value.
JFYI, I checked the values for the attributes using the man page. This, and other references provided with packages, are where I look first prior to asking on the Net.
Konstantin Boyandin wrote:
I tried importing with slapadd. The output:
str2entry: invalid value for attributeType pwdAttribute #0 (syntax 1.3.6.1.4.1.1466.115.121.1.38)
slapadd: could not parse entry (line=22)
The error above refers to the allowed value of pwdAttribute, which can only be userPassword now.
The problem is the value for this attribute in LDIF *is* userPassword, as in the cited sample. I checked the LDIF - no 'invisible' characters around the value.
Sounds like you don't actually have the ppolicy overlay configured on the database you're loading into. The pwdAttribute syntax handler is part of the ppolicy overlay and will only get installed if you configure the overlay on the target database.
JFYI, I checked the values for the attributes using the man page. This, and other references provided with packages, are where I look first prior to asking on the Net.
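Howard Chu's reply above says the pwdAttribute syntax handler is only installed when the ppolicy overlay is configured on the target database. The script below is an added example, not code from any poster in this thread or from the OpenLDAP project: it lists each database section of a slapd.conf and whether "overlay ppolicy" appears under it. The function names and the sample configuration are constructed, and it assumes the slapd.conf(5) rule that an overlay directive applies to the database definition it follows.

```shell
#!/bin/sh
# Added example: per-database ppolicy check for a slapd.conf-style file.
# sample_conf, ppolicy_report and has_ppolicy are hypothetical helper names.

# Constructed sample: two databases, ppolicy configured on the first only.
sample_conf() {
cat <<'EOF'
# constructed sample, not taken from the thread
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/ppolicy.schema
modulepath /usr/lib64/openldap
moduleload ppolicy.la

database bdb
suffix "dc=example,dc=com"
overlay syncprov
overlay ppolicy
ppolicy_default "cn=default,ou=Policies,dc=example,dc=com"

database bdb
suffix "dc=test,dc=example"
overlay syncprov
EOF
}

# ppolicy_report [FILE]
# Reads FILE (or stdin) and prints one tab-separated line per database:
#   <type> <suffix> ppolicy=<yes|no> default=<policy DN or ->
ppolicy_report() {
    cat -- "$@" | awk '
    # Everything after the directive keyword, with quotes stripped.
    function arg(   v) {
        v = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", v)
        sub(/[ \t]+$/, "", v)
        gsub(/"/, "", v)
        return v
    }
    # Emit the database section collected so far, if any.
    function flush() {
        if (have_db)
            printf "%s\t%s\tppolicy=%s\tdefault=%s\n", dbtype, suffix,
                   (pp ? "yes" : "no"), (def == "" ? "-" : def)
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
    /^[ \t]/ { next }                   # continuation of the previous directive
    {
        key = tolower($1)
        if (key == "database") {
            flush()
            have_db = 1; dbtype = $2; suffix = "-"; pp = 0; def = ""; cur = ""
        } else if (key == "suffix" && have_db) {
            suffix = arg()
        } else if (key == "overlay") {
            # Only overlays declared after a database line count for that database.
            cur = tolower($2)
            if (have_db && cur == "ppolicy") pp = 1
        } else if (key == "ppolicy_default" && have_db && cur == "ppolicy") {
            def = arg()
        }
    }
    END { flush() }
    '
}

# has_ppolicy SUFFIX [FILE]
# Exit status 0 only if the database serving SUFFIX has the overlay configured.
has_ppolicy() {
    want=$1; shift
    ppolicy_report "$@" |
        awk -F '\t' -v s="$want" '$2 == s && $3 == "ppolicy=yes" { ok = 1 } END { exit !ok }'
}

# Demonstration on the constructed sample.
sample_conf | ppolicy_report
```

To check a live server, pass the file slapd actually reads as the argument; this thread mentions both /etc/slapd.conf and /etc/openldap/slapd.conf, so confirm which one is in use before trusting the result.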
On Thu, 13 Jan 2011 11:42:29 +0600, Konstantin Boyandin temmokan@gmail.com wrote:
Hello,
OpenLDAP version: 2.3.43-12 (CentOS 5.5), 64-bit.
In order to enable ppolicy overlay, I am trying to create the relevant entries, as specified in
http://www.openldap.org/doc/admin24/overlays.html#Password%20Policies
I import two LDIFs, first:
dn: ou=Policies,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Policies
and second
dn: cn=default,ou=Policies,dc=example,dc=com
cn: default
objectClass: top
objectClass: pwdPolicy
objectClass: person
pwdAllowUserChange: TRUE
pwdAttribute: userPassword
the OID of userPassword is required
pwdAttribute: 2.5.4.35
-Dieter