ppolicy with Solaris 10 - openldap-technical

13 Jul 2011


      My slapd.conf file is as follow
# Load dynamic backend modules:
modulepath      /usr/local/libexec/openldap
moduleload      ppolicy.la
# moduleload    /usr/local/libexec/openldap/ppolicy.so
# modulepath    /usr/local/libexec/openldap
# moduleload    back_bdb.la
# moduleload    back_ldap.la
# moduleload    back_ldbm.la
# moduleload    back_passwd.la
# moduleload    back_shell.la
and
overlay ppolicy
ppolicy_default "cn=default,ou=Policies,dc=rorotika,dc=com"
ppolicy_use_lockout
When I start slapd in debug with d 255, I get the following "error"?
ine 21 (loglevel        4)
line 22 (pidfile         /usr/local/var/run/slapd.pid)
line 23 (argsfile        /usr/local/var/run/slapd.args)
line 26 (modulepath     /usr/local/libexec/openldap)
line 27 (moduleload     ppolicy.la)
loaded module ppolicy.la
module ppolicy.la: null module registered
line 65 (access to dn.base=""        by * read)
...
...
...
dnNormalize: <>
<<< dnNormalize: <>
Backend ACL: access to dn.base=""
        by * read
The line that consern me is "module ppolicy.la: null module
registered", is this a problem? The ppolicy does not seen to
overlay... It seems that the Solaris 10 settings is still valid, for
example
It seems that this policy is not activated, for example the
pwdMinLength: is set to 3, but when the user changes his/her password,
it seems that the Solaris policy takes over from the
/etc/default/passwd file
test5:/ $ ssh admin777@10.1.1.5
* * * * * * * * * * * * W A R N I N G * * * * * * * * * * * * * *
THIS SYSTEM IS RESTRICTED TO AUTHORIZED USERS FOR AUTHORIZED USE
ONLY. UNAUTHORIZED ACCESS IS STRICTLY PROHIBITED AND MAY BE
PUNISHABLE UNDER THE COMPUTER FRAUD AND ABUSE ACT OR OTHER
APPLICABLE LAWS. IF NOT AUTHORIZED TO ACCESS THIS SYSTEM,
DISCONNECT NOW. BY CONTINUING, YOU CONSENT TO YOUR KEYSTROKES
AND DATA CONTENT BEING MONITORED. ALL PERSONS ARE HEREBY
NOTIFIED THAT THE USE OF THIS SYSTEM CONSTITUTES CONSENT
TO MONITORING AND AUDITING.
* * * * * * * * * * * * W A R N I N G * * * * * * * * * * * * *
Password:
Last login: Tue Jul 12 11:14:22 2011 from test5.example.
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
Sourcing //.profile-EIS.....
test5:/ $ id
uid=5011(admin777) gid=1000(users) groups=1000(users)
test5:/ $ passwd
passwd: Changing password for admin777
Enter existing login password:
New Password:
passwd: Password too short - must be at least 8 characters.
Please try again
New Password:
test5:/ $ cat /etc/default/passwd
#ident @(#)passwd.dfl 1.7 04/04/22 SMI
#
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
MAXWEEKS=13
MINWEEKS=
PASSLENGTH=8
# NAMECHECK enables/disables login name checking.
Could someone point me in the right direction please?