[Date Prev][Date Next] [Chronological] [Thread] [Top]

feature --enable-ppolicy

To: openldap-bugs@openldap.org
Subject: feature --enable-ppolicy
From: Philippe Radix <philippe.radix@alcatel-lucent.fr>
Date: Mon, 25 Jun 2007 18:24:22 +0200
Organization: NMU
User-agent: Mozilla/5.0 (X11; U; HP-UX 9000/785; en-US; rv:0.9.4) Gecko/20011212 Netscape6/6.2.1

hello

I try to test  the new feature  the new  version openldap  (openldap-2.3.36)

cd /alcatel/PR/ tar xvzf openldap-2.3.36.tgz cd /alcatel/PR/openldap-2.3.36 ./configure --prefix=/opt/ldap/OpenLDAP --with-cyrus-sasl --with-tls --enable-backends --enable-overlays make depend make make install

i create slapd.cond
---------------
vi slapd.conf

include         /opt/ldap/OpenLDAP/etc/openldap/schema/core.schema
include         /opt/ldap/OpenLDAP/etc/openldap/schema/ppolicy.schema
include         /opt/ldap/OpenLDAP/etc/openldap/schema/cosine.schema

include         /opt/ldap/OpenLDAP/etc/openldap/schema/inetorgperson.schema
overlay         ppolicy
ppolicy_default "cn=StandardPolicy,ou=Policies,dc=alcatel,dc=com"
ppolicy_use_lockout

pidfile    /alcatel/openldapTest/slapd.pid
argsfile   /alcatel/openldapTest/slapd.args
database        bdb
suffix          "dc=alcatel,dc=com"
rootdn          "cn=Admin,dc=alcatel,dc=com"
directory     /alcatel/openldapTest/data
       by self write
       by anonymous auth
       by * none

access to *
       by self write
       by anonymous auth
       by * read


i create defaultpolicy
------------------
dn: ou=Policies,dc=alcatel,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Policies
structuralObjectClass: organizationalUnit

dn: cn=StandardPolicy,ou=Policies,dc=alcatel,dc=com
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: StandardPolicy
pwdAttribute: userPassword
pwdLockoutDuration: 120
pwdInHistory: 5
pwdCheckQuality: 2
pwdExpireWarning: 86400
pwdMaxAge: 864000
pwdMinLength: 5
pwdGraceAuthNLimit: 5
pwdAllowUserChange: TRUE
pwdMustChange: FALSE
pwdMaxFailure: 3
pwdFailureCountInterval: 120
pwdSafeModify: FALSE
structuralObjectClass: device


i create user
------------

dn:cn=prtest,dc=alcatel,dc=com
sn: prtest
userpassword: prtest
objectClass: person
pwdPolicySubentry: cn=StandardPolicy
cn: prtest

i thinl all are ok for the policies features
but

and i run server ldap
--------------

and i want to change password with a bad policy password

ldappasswd -h 192.200.244.87 -p 389 -x -D cn=prtest,dc=alcatel,dc=com -w prtest -s titi -e ppolicy

i have   Result: Success (0)  as answer
i dont arive to see the policyies error with client ldap

could you help me

regards

-- ************************************************************ Philippe Radix Alcatel CIT (philippe.radix@alcatel-lucent.fr) Tel.: (33) 01 3077 2829

Follow-Ups:
- Re: feature --enable-ppolicy
  - From: Howard Chu <hyc@symas.com>

Prev by Date: (ITS#5028) incomplete slapcat docs
Next by Date: (ITS#5029) refint schema unavailable
Index(es):
- Chronological
- Thread