Apologies Quanah,

Yes - the first thing I did was to load the ppolicy schema.

Here is the full cn=module{0} from ldapsearch:

# module{0}, config dn: cn=module{0},cn=config objectClass: olcModuleList cn: module{0} olcModulePath: /usr/lib64/openldap olcModuleLoad: {0}back_bdb olcModuleLoad: {1}syncprov olcModuleLoad: {2}ppolicy

Here is the contents of cn=module{0}.ldif

dn: cn=module{0} objectClass: olcModuleList cn: module{0} olcModulePath: /usr/lib64/openldap olcModuleLoad: {0}back_bdb olcModuleLoad: {1}syncprov

I don't have the initial error that I got when attempting to load the ppolicy module, but subsequent attempts yield this error: add olcModuleLoad: ppolicy modifying entry "cn=module{0},cn=config" ldap_modify: Type or value exists (20) additional info: modify/add: olcModuleLoad: value #0 already exists

Then after (ill-advisedly) applying the ppolicy overlay, slapcat -n 0 yields the following:

5ede54b5 UNKNOWN attributeDescription "OLCPPOLICYDEFAULT" inserted. 5ede54b5 config error processing olcOverlay={1}ppolicy,olcDatabase={2}hdb,cn=config: slapcat: bad configuration file!

Thank you,

John Alexander

On Mon, Jun 8, 2020 at 9:12 AM Quanah Gibson-Mount quanah@symas.com wrote:

--On Monday, June 8, 2020 9:55 AM -0700 John Alexander jalexander@concentricsky.com wrote:

...

Hi Quanah,

I figured that was the problem, but after I ran the module load:

dn: cn=module{0},cn=config changetype: modify add: olcModuleLoad olcModuleLoad: ppolicy

I received errors. slapcat -n 0 | grep olcModuleLoad did not indicate that ppolicy was loaded. However ldapsearch indicated that it was loaded.

If you receive errors, you need to show what those errors are. You also need to show what your *full* cn=module{0} entry looks like, and you've never stated whether or not you've loaded the mandatory ppolicy schema.

Regards, Quanah

--

Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com