Hi,
I installed openldap 2.4.40 on ubuntu 12.04LTS
I enabled ppolicy while configuring the installation. ./configure --enable-hdb --enable-ppolicy --enable-syncprov --with-tls
I want to specify a password check module (to check for minimum upper cases, lower cases, digits, etc).
I got the module from http://ltb-project.org/wiki/documentation/openldap-ppolicy-check-password
I created a password policy very similar to the one given in the documentation:
dn: cn=default,ou=policies,dc=example,dc=com cn: default objectClass: pwdPolicy objectClass: person objectClass: top pwdAllowUserChange: TRUE pwdAttribute: userPassword pwdCheckQuality: 1 pwdCheckModule: check_password.so pwdExpireWarning: 600 pwdFailureCountInterval: 30 pwdGraceAuthNLimit: 0
pwdInHistory: 5 3 pwdLockout: TRUE pwdLockoutDuration: 60 0 pwdMaxAge: 1200 pwdMaxFailure: 3 pwdMinAge: 0 pwdMinLength: 8 pwdMustChange: FALSE pwdSafeModify: FALSE sn: dummy value
slapd.conf:
modulepath /usr/local/lib moduleload check_password.so
While adding this password policy to ldap, I get the error:
ldap_add: Object class violation (65) attribute info: attribute 'pwdCheckModule' not allowed
The log level is 256 and doesn't say much besides giving the same error.
Let me know where I have gone wrong.
-Guruprasad
2014-11-14 0:31 GMT+01:00 Guruprasad Kulkarni gkulkarni@gridcosystems.com:
Hi,
I installed openldap 2.4.40 on ubuntu 12.04LTS
I enabled ppolicy while configuring the installation. ./configure --enable-hdb --enable-ppolicy --enable-syncprov --with-tls
I want to specify a password check module (to check for minimum upper cases, lower cases, digits, etc).
I got the module from http://ltb-project.org/wiki/documentation/openldap-ppolicy-check-password
I created a password policy very similar to the one given in the documentation:
dn: cn=default,ou=policies,dc=example,dc=com cn: default objectClass: pwdPolicy objectClass: person objectClass: top pwdAllowUserChange: TRUE pwdAttribute: userPassword pwdCheckQuality: 1 pwdCheckModule: check_password.so pwdExpireWarning: 600 pwdFailureCountInterval: 30 pwdGraceAuthNLimit: 0
pwdInHistory: 5 3 pwdLockout: TRUE pwdLockoutDuration: 60 0 pwdMaxAge: 1200 pwdMaxFailure: 3 pwdMinAge: 0 pwdMinLength: 8 pwdMustChange: FALSE pwdSafeModify: FALSE sn: dummy value
slapd.conf:
modulepath /usr/local/lib moduleload check_password.so
While adding this password policy to ldap, I get the error:
ldap_add: Object class violation (65) attribute info: attribute 'pwdCheckModule' not allowed
The log level is 256 and doesn't say much besides giving the same error.
Let me know where I have gone wrong.
Hi,
you need to add the objectClass pwdPolicyChecker to use the attribute pwdCheckModule.
Clément.
openldap-technical@openldap.org
-
Clément OUDOT -
Guruprasad Kulkarni