Oracle OpenLDAP PPolicy ppolicy and the hierarchy - openldap-technical

23 Dec 2013


      In Use:  Oracle OpenLDAP 2.4.30, I cannot change to the OpenLDAP version that one can compile.
Problem:  I have the module and overlay in the conf files and slaptest says it's fine.  Both files are from Openldap.org version 2.4.37But how do I test it?
I have created unix shell scripts to do actions like add, delete, modify, view, etc. I can share these if requested.
But I am unsure on the lock, unlock, policy stuff.
Also, How should the OpenLDAP hierarchy look?
Here's mine:
dn: dc=bozo_company,dc=com
ou: com
objectClass: dcObject
objectClass: organizationalUnit
objectClass: top
dc: bozo_company
userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
dn: cn=Directory Administrators,dc=bozo_company,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Directory Administrators
uniqueMember: cn=clownadmin,ou=Special Users,dc=bozo_company,dc=com
uniqueMember: cn=david.barr,ou=People,dc=bozo_company,dc=com
dn: ou=Groups,dc=bozo_company,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Groups
dn: ou=People,dc=bozo_company,dc=com
objectClass: top
objectClass: organizationalUnit
ou: People
dn: ou=Special Users,dc=bozo_company,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Special Users
description: Special Administrative Accounts
dn: cn=Accounting Managers,ou=groups,dc=bozo_company,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Accounting Managers
ou: groups
description: People who can manage accounting entries
uniqueMember: cn=clownadmin,ou=Special Users,dc=bozo_company,dc=com
uniqueMember: uid=Replica,ou=People,dc=bozo_company,dc=com
uniqueMember: cn=david.barr,ou=People,dc=bozo_company,dc=com
dn: cn=HR Managers,ou=groups,dc=bozo_company,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: HR Managers
ou: groups
description: People who can manage HR entries
uniqueMember: cn=clownadmin,ou=Special Users,dc=bozo_company,dc=com
uniqueMember: cn=david.barr,ou=People,dc=bozo_company,dc=com
dn: cn=QA Managers,ou=groups,dc=bozo_company,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: QA Managers
ou: groups
description: People who can manage QA entries
uniqueMember: cn=clownadmin,ou=Special Users,dc=bozo_company,dc=com
uniqueMember: cn=david.barr,ou=People,dc=bozo_company,dc=com
dn: cn=PD Managers,ou=groups,dc=bozo_company,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: PD Managers
ou: groups
description: People who can manage engineer entries
uniqueMember: cn=clownadmin,ou=Special Users,dc=bozo_company,dc=com
uniqueMember: cn=david.barr,ou=People,dc=bozo_company,dc=com
dn: ou=Services,dc=bozo_company,dc=com
ou: Services
objectClass: top
objectClass: organizationalUnit
dn: ou=DML,ou=Services,dc=bozo_company,dc=com
ou: DML
objectClass: top
objectClass: organizationalUnit
dn: ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com
ou: 1.0
objectClass: top
objectClass: organizationalUnit
dn: ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com
ou: UserForm
objectClass: top
objectClass: organizationalUnit
dn: ou=Configuration,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com
ou: Configuration
objectClass: top
objectClass: organizationalUnit
dn: cn=Configuration:#ID#Configuration:SystemConfiguration,ou=Configuration,ou=1
.0,ou=DML,ou=Services,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: Configuration:#ID#Configuration:SystemConfiguration
dn: cn=Configuration:#ID#Configuration:CustomRoles,ou=Configuration,ou=1.0,ou=DM
L,ou=Services,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: Configuration:#ID#Configuration:CustomRoles
dn: cn=Configuration:#ID#Configuration:DmlManagedDirectory,ou=Configuration,ou=1
.0,ou=DML,ou=Services,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: Configuration:#ID#Configuration:DmlManagedDirectory
dn: cn=UserForm:#ID#UserForm:DefaultUserForm,ou=UserForm,ou=1.0,ou=DML,ou=Servic
es,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultUserForm
dn: cn=UserForm:#ID#UserForm:DefaultNtUserForm,ou=UserForm,ou=1.0,ou=DML,ou=Serv
ices,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultNtUserForm
dn: cn=UserForm:#ID#UserForm:DefaultHomeForm,ou=UserForm,ou=1.0,ou=DML,ou=Servic
es,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultHomeForm
dn: cn=UserForm:#ID#UserForm:DefaultDMLObjectForm,ou=UserForm,ou=1.0,ou=DML,ou=S
ervices,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultDMLObjectForm
dn: cn=UserForm:#ID#UserForm:DefaultCreateForm,ou=UserForm,ou=1.0,ou=DML,ou=Serv
ices,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultCreateForm
dn: cn=UserForm:#ID#UserForm:DefaultObjectClassSelectionForm,ou=UserForm,ou=1.0,
ou=DML,ou=Services,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultObjectClassSelectionForm
dn: cn=UserForm:#ID#UserForm:DefaultDisplayComponentFields,ou=UserForm,ou=1.0,ou
=DML,ou=Services,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultDisplayComponentFields
dn: cn=UserForm:#ID#UserForm:DefaultEditFieldForm,ou=UserForm,ou=1.0,ou=DML,ou=S
ervices,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultEditFieldForm
dn: cn=UserForm:#ID#UserForm:DefaultListFormsForm,ou=UserForm,ou=1.0,ou=DML,ou=S
ervices,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultListFormsForm
dn: cn=UserForm:#ID#UserForm:DefaultEditFormForm,ou=UserForm,ou=1.0,ou=DML,ou=Se
rvices,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultEditFormForm
dn: cn=UserForm:#ID#UserForm:DefaultGroupForm,ou=UserForm,ou=1.0,ou=DML,ou=Servi
ces,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultGroupForm
dn: cn=UserForm:#ID#UserForm:DefaultFindLibrary,ou=UserForm,ou=1.0,ou=DML,ou=Ser
vices,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultFindLibrary
dn: cn=UserForm:#ID#UserForm:DefaultGroupFilterForm,ou=UserForm,ou=1.0,ou=DML,ou
=Services,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultGroupFilterForm
dn: cn=UserForm:#ID#UserForm:DefaultOuForm,ou=UserForm,ou=1.0,ou=DML,ou=Services
,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultOuForm
dn: cn=UserForm:#ID#UserForm:DefaultDomainForm,ou=UserForm,ou=1.0,ou=DML,ou=Serv
ices,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultDomainForm
dn: cn=UserForm:#ID#UserForm:DefaultLocalityForm,ou=UserForm,ou=1.0,ou=DML,ou=Se
rvices,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultLocalityForm
dn: cn=UserForm:#ID#UserForm:DefaultFindForm,ou=UserForm,ou=1.0,ou=DML,ou=Servic
es,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultFindForm
dn: cn=UserForm:#ID#UserForm:DefaultSearchConfigForm,ou=UserForm,ou=1.0,ou=DML,o
u=Services,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultSearchConfigForm
dn: cn=Configuration:#ID#Configuration:DefaultSearchOptions,ou=Configuration,ou=
1.0,ou=DML,ou=Services,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: Configuration:#ID#Configuration:DefaultSearchOptions
dn: cn=UserForm:#ID#UserForm:DefaultCOSTemplateForm,ou=UserForm,ou=1.0,ou=DML,ou
=Services,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultCOSTemplateForm
dn: cn=UserForm:#ID#UserForm:DefaultExtensionsEditForm,ou=UserForm,ou=1.0,ou=DML
,ou=Services,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultExtensionsEditForm
dn: cn=UserForm:#ID#UserForm:DefaultManagedDirectoryForm,ou=UserForm,ou=1.0,ou=D
ML,ou=Services,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultManagedDirectoryForm
dn: cn=UserForm:#ID#UserForm:DefaultOrganizationPickerForm,ou=UserForm,ou=1.0,ou
=DML,ou=Services,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultOrganizationPickerForm
dn: cn=UserForm:#ID#UserForm:DefaultListNamingAttributesForm,ou=UserForm,ou=1.0,
ou=DML,ou=Services,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultListNamingAttributesForm
dn: cn=UserForm:#ID#UserForm:DefaultNamingAttributeForm,ou=UserForm,ou=1.0,ou=DM
L,ou=Services,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultNamingAttributeForm
dn: cn=UserForm:#ID#UserForm:DefaultRolesForm,ou=UserForm,ou=1.0,ou=DML,ou=Servi
ces,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultRolesForm
dn: cn=UserForm:#ID#UserForm:DefaultRoleForm,ou=UserForm,ou=1.0,ou=DML,ou=Servic
es,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultRoleForm
dn: cn=UserForm:#ID#UserForm:DefaultDeleteForm,ou=UserForm,ou=1.0,ou=DML,ou=Serv
ices,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultDeleteForm
dn: cn=UserForm:#ID#UserForm:DefaultDeleteGeneralPurposeForm,ou=UserForm,ou=1.0,
ou=DML,ou=Services,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultDeleteGeneralPurposeForm
dn: cn=UserForm:#ID#UserForm:DefaultEnableForm,ou=UserForm,ou=1.0,ou=DML,ou=Serv
ices,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultEnableForm
dn: cn=UserForm:#ID#UserForm:DefaultDisableForm,ou=UserForm,ou=1.0,ou=DML,ou=Ser
vices,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultDisableForm
dn: cn=UserForm:#ID#UserForm:DefaultRenameForm,ou=UserForm,ou=1.0,ou=DML,ou=Serv
ices,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultRenameForm
dn: cn=UserForm:#ID#UserForm:DefaultConfigBackupRestoreForm,ou=UserForm,ou=1.0,o
u=DML,ou=Services,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultConfigBackupRestoreForm
dn: cn=UserForm:#ID#UserForm:DefaultBrowseForm,ou=UserForm,ou=1.0,ou=DML,ou=Serv
ices,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultBrowseForm
dn: cn=Configuration:#ID#Configuration:ComponentProperties,ou=Configuration,ou=1
.0,ou=DML,ou=Services,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: Configuration:#ID#Configuration:ComponentProperties
dn: cn=Configuration:#ID#Configuration:DefaultFormConfiguration,ou=Configuration
,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: Configuration:#ID#Configuration:DefaultFormConfiguration
dn: cn=Configuration:#ID#Configuration:DefaultRoles,ou=Configuration,ou=1.0,ou=D
ML,ou=Services,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: Configuration:#ID#Configuration:DefaultRoles
dn: cn=Configuration:#ID#Configuration:DefaultCapabilities,ou=Configuration,ou=1
.0,ou=DML,ou=Services,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: Configuration:#ID#Configuration:DefaultCapabilities
dn: cn=Configuration:#ID#Configuration:DefaultNamingAttributesConfiguration,ou=C
onfiguration,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: Configuration:#ID#Configuration:DefaultNamingAttributesConfiguration
dn: cn=UserForm:#ID#UserForm:DefaultEditPasswordForm,ou=UserForm,ou=1.0,ou=DML,o
u=Services,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:DefaultEditPasswordForm
dn: cn=Configuration:#ID#Configuration:WPSearchOptions,ou=Configuration,ou=1.0,o
u=DML,ou=Services,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: Configuration:#ID#Configuration:WPSearchOptions
dn: cn=UserForm:#ID#UserForm:WPSearchLibrary,ou=UserForm,ou=1.0,ou=DML,ou=Servic
es,dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:WPSearchLibrary
dn: cn=UserForm:#ID#UserForm:WPSearchForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,
dc=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:WPSearchForm
dn: cn=UserForm:#ID#UserForm:WPViewForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc
=bozo_company,dc=com
objectClass: top
objectClass: applicationProcess
description::
cn: UserForm:#ID#UserForm:WPViewForm
dn: cn=clownadmin,ou=Special Users,dc=bozo_company,dc=com
sn: clownadmin
ou: People
ou: Special Users
cn: clownadmin
objectClass: top
objectClass: person
objectClass: organizationalPerson
userPassword: {SHA}ZC/bQou6tU8wl3TJ6dCoSasxgVA=
dn: uid=Replica,ou=People,dc=bozo_company,dc=com
uid: Replica
cn: Replica
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
shadowLastChange: 13761
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 22222
gidNumber: 100
homeDirectory: /tmp
gecos: Replica userid for slave LDAP servers
dn: cn=david.m.barr,ou=People,dc=bozo_company,dc=com
uid: david.m.barr
sn: david.m.barr
ou: People
cn: david.m.barr
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: uidObject
objectClass: pwdPolicyChecker
objectClass: pwdPolicy
pwdCheckModule:: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
pwdAttribute: userPassword
userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
dn: cn=Test.user02,ou=People,dc=bozo_company,dc=com
uid: Test.user02
sn: Test.user02
ou: People
cn: Test.user02
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: uidObject
objectClass: pwdPolicyChecker
objectClass: pwdPolicy
pwdCheckModule:: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
pwdAttribute: userPassword
pwdLockout: TRUE
userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
dn: cn=Test.user04,ou=People,dc=bozo_company,dc=com
uid: Test.user04
sn: Test.user04
ou: People
cn: Test.user04
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: uidObject
userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
dn: ou=Policies,dc=bozo_company,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Policies
dn: cn=Password Policy,ou=Policies,dc=bozo_company,dc=com
objectClass: top
objectClass: pwdPolicy
objectClass: person
description: The default password policy
pwdAllowUserChange: TRUE
pwdAttribute: userPassword
pwdCheckQuality: 2
pwdExpireWarning: 3600
pwdFailureCountInterval: 30
pwdGraceAuthNLimit: 5
pwdInHistory: 5
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdMaxAge: 5184000
pwdMaxFailure: 5
pwdMinAge: 3600
pwdMinLength: 5
pwdMustChange: TRUE
pwdSafeModify: FALSE
sn: Password Policy
cn: Password Policy
dn: ou=Standard Policy,ou=Policies,dc=bozo_company,dc=com
objectClass: top
objectClass: organizationalUnit
objectClass: pwdPolicy
objectClass: pwdPolicyChecker
ou: Standard Policy
pwdAttribute: userPassword
pwdCheckQuality: 2
pwdMaxFailure: 3
pwdMustChange: TRUE
pwdSafeModify: TRUE
pwdLockoutDuration: 0
pwdCheckModule: ou=Standard Policy,ou=Policies,dc=bozo_company,dc=com
pwdAllowUserChange: TRUE
description: Standard Password Policy
pwdMaxAge: 7776002
pwdExpireWarning: 432000
pwdFailureCountInterval: 120
pwdMinLength: 14
pwdInHistory: 10
pwdGraceAuthNLimit: 0
pwdMinAge: 86400
dn: cn=accesslogname,dc=bozo_company,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
ou: accesslogname
description: accesslog
sn: accesslogname
cn: accesslogname
dn: cn=john.d.doe,ou=People,dc=bozo_company,dc=com
uid: john.d.doe
sn: john.d.doe
ou: People
cn: john.d.doe
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: uidObject
userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Anyone out there who can help?
-David
dbc@usa.net
________________________________
CONFIDENTIALITY NOTICE: The information contained in this electronic mail (email) transmission (including attachments), is intended by MCLANE ADVANCED TECHNOLOGIES for the use of the named individual or entity to which it is addressed and may contain information that is privileged, confidential and/or protected as a trade secret. It is not intended for transmission to, or receipt by, any individual or entity other than the named addressee(s). If you have received this email in error, please delete it (including attachments) and any copies thereof without printing, copying or forwarding it, and notify the sender of the error by email reply immediately.