[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slap_global_control - ppolicy



Hello,

This is my doubt:

It is not needed to load the module for password policies?
like
moduleload ppolicy.la

How do I compile it as built-in?

Thanks,

Francisco Saito

On 11/18/06, Prakash Velayutham <Prakash.Velayutham@cchmc.org> wrote:
Hello All,

I configured OpenLDAP-2.3.29 with the following options.

./configure --with-threads=posix --with-tls=openssl --enable-dynamic
--with-cyrus-sasl --enable-modules--enable-ldbm=mod --enable-crypt
--enable-lmpasswd --enable-ldap=mod --enable-meta=mod --enable-rewrite
--enable-null=mod --enable-monitor=mod --enable-accesslog
--enable-denyop --enable-dyngroup --enable-dynlist --enable-lastmod
--enable-ppolicy --enable-proxycache --enable-refint --enable-retcode
--enable-rwm --enable-syncprov --enable-translucent --enable-unique
--enable-valsort --enable-aci --enable-bdb=mod --enable-hdb=mod
--enable-ldbm-api=berkeley --enable-spasswd --enable-wrappers
--prefix=/usr/local/encap/openldap

My slapd.conf is:

include
/usr/local/encap/openldap/etc/openldap/schema/core.schema
include
/usr/local/encap/openldap/etc/openldap/schema/cosine.schema
include
/usr/local/encap/openldap/etc/openldap/schema/inetorgperson.schema
include
/usr/local/encap/openldap/etc/openldap/schema/openldap.schema
include         /usr/local/encap/openldap/etc/openldap/schema/nis.schema
include
/usr/local/encap/openldap/etc/openldap/schema/samba3.schema
include
/usr/local/encap/openldap/etc/openldap/schema/ppolicy.schema

allow bind_anon_dn

pidfile         /usr/local/encap/openldap/var/run/slapd.pid
argsfile        /usr/local/encap/openldap/var/run/slapd.args

database        bdb
suffix          "dc=my-domain,dc=com"
rootdn          "cn=Manager,dc=my-domain,dc=com"

rootpw          secret

directory       /usr/local/encap/openldap/var/openldap-data

index   objectClass     eq

overlay ppolicy
ppolicy_default "cn=Standard Policy,ou=Policies,dc=my-domain,dc=com"
ppolicy_use_lockout

access to attrs=userpassword
        by self write
        by * auth

access to *
        by self write
        by * read

loglevel -1

########################################################################

Now when I try to do this:

prakash@linux:~> ldapsearch -H ldap://localhost -D
"cn=Manager,dc=my-domain,dc=com" -x -W -b "dc=my-domain,dc=com" -e
ppolicy "cn=Manager"
Enter LDAP Password:

I get the proper result.

# extended LDIF
#
# LDAPv3
# base <dc=my-domain,dc=com> with scope subtree
# filter: cn=Manager
# requesting: ALL
#

# Manager, my-domain.com
dn: cn=Manager,dc=my-domain,dc=com
objectClass: organizationalRole
cn: Manager
description: LDAP Directory Manager

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

But in the server logs, I see,

Nov 18 09:55:31 linux slapd[11135]: => get_ctrls:
oid="1.3.6.1.4.1.42.2.27.8.5.1" (noncritical)
Nov 18 09:55:31 linux slapd[11135]: <= get_ctrls: n=1 rc=0 err=""
Nov 18 09:55:31 linux slapd[11135]:     attrs:
Nov 18 09:55:31 linux slapd[11135]:
Nov 18 09:55:31 linux slapd[11135]: conn=0 op=1 SRCH
base="dc=my-domain,dc=com" scope=2 deref=0 filter="(cn=manager)"
Nov 18 09:55:31 linux slapd[11135]: slap_global_control: unavailable
control: 1.3.6.1.4.1.42.2.27.8.5.1

Is this the reason, why I am not able to get my ppolicy controls to
work? How do I make this control available?

Thanks,
Prakash