RE: How to enable 'pwdPolicySubentry' in ppolicy.schema
- To: "Howard Chu" <hyc@symas.com>
- Subject: RE: How to enable 'pwdPolicySubentry' in ppolicy.schema
- From: "Alexey Shalin" <a.shalin@ipc.kg>
- Date: Fri, 21 Jan 2011 09:41:06 +0600
- Cc: openldap-technical@openldap.org
Thank you for your reply.
But then how can I use this:
dn: cn=search,ou=users,ou=my_dn
changetype: modify
add: pwdPolicySubentry
pwdPolicy: "cn=user,ou=pwpolicies,ou=my_dn"
I want to exclude user: search from the default policy.
From docs:
Finally the account entry for the user(s) to whom this policy applies
are modified to point to the specific policy using the following LDIF
fragment:
# point the users entry to the specific policy
dn: cn=John Smith,ou=people,dc=example,dc=com
changetype: modify
add: pwdPolicySubentry
pwdPolicy: "cn=user,ou=pwpolicies,dc=example,dc=com"
----------------------------------------------------------------------------
When I tried to run it in my LDAP browser I got:
Line 4, Column 0: Unexpected line found: 'pwdPolicy: "cn=user,ou=pwpolicies,ou=my_dn"'.
Line 4, Column 0: The 'add' modification operation must have at least one value specified (Attribute: 'pwdPolicySubentry').
Line 4: Unexpected end of LDIF file. The last record will not be committed.
Import data complete. Elapsed time: 0:00. Entries processed: 0.
Warning(s): 0, error(s): 3.
Can you please tell me if there may be another way to exclude user:search from:
dn: cn=std, ou=ppolicy, ou=my_dn
pwdCheckModule: check_password.so
pwdMaxFailure: 6
pwdMustChange: TRUE
pwdAttribute: userPassword
pwdMinLength: 7
pwdSafeModify: FALSE
pwdInHistory: 4
pwdGraceAuthNLimit: 3
pwdCheckQuality: 1
objectClass: pwdPolicy
objectClass: top
objectClass: device
objectClass: pwdPolicyChecker
pwdLockoutDuration: 18
pwdAllowUserChange: TRUE
pwdExpireWarning: 432000
pwdLockout: TRUE
pwdMaxAge: 7776000
Thank you
-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com]
Sent: Friday, January 21, 2011 9:36 AM
To: Alexey Shalin
Cc: openldap-technical@openldap.org
Subject: Re: How to enable 'pwdPolicySubentry' in ppolicy.schema
Alexey Shalin wrote:
> Hello,
>
> How to enable 'pwdPolicySubentry' in ppolicy.schema, I added this into
> ppolicy.schema
Never modify the schema files distributed with OpenLDAP.
> attributetype ( 1.3.6.1.4.1.42.2.27.8.1.23
>
> NAME 'pwdPolicySubentry'
>
> DESC 'The pwdPolicy subentry in effect for this object'
>
> EQUALITY distinguishedNameMatch
>
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
>
> SINGLE-VALUE
>
> USAGE directoryOperation )
>
> But after that my slapd did not start.
Of course.
Schema files are only for defining user attributes. Operational attributes
must be implemented in code and cannot be defined from a schema config file.
This particular attribute is already implemented in the ppolicy overlay so
there is no need to define it again anyway.
> should I upgrade openldap to the last ver ?
That would make no difference here, but it's always best to stay up to date.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
__________ Information from ESET NOD32 Antivirus, version of virus
signature database 5804 (20110120) __________
The message was checked by ESET NOD32 Antivirus.
http://www.esetnod32.ru/.ml
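
Added example, not part of the original thread and not OpenLDAP or LDAP-browser code: a small Python check for the LDIF rule behind the two "Line 4" errors above, namely that in a modify record the value line must carry the same attribute name as the preceding `add:` line. The function name `lint_modify` and both sample records are constructed for illustration; it checks LDIF syntax only, not whether the server has the ppolicy overlay loaded.

```python
import re

# Constructed from the message above: the modify record the LDAP browser rejected.
REJECTED = """\
dn: cn=search,ou=users,ou=my_dn
changetype: modify
add: pwdPolicySubentry
pwdPolicy: "cn=user,ou=pwpolicies,ou=my_dn"
"""

# Same change, with the value line named after the attribute in "add:" and no quotes.
CORRECTED = """\
dn: cn=search,ou=users,ou=my_dn
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=user,ou=pwpolicies,ou=my_dn
"""

LINE = re.compile(r"^([A-Za-z][\w.;-]*)(::|:)\s*(.*)$")
MOD_OPS = {"add", "delete", "replace"}

def lint_modify(ldif):
    """Return (line_no, message) problems found in one 'changetype: modify' record."""
    problems, spec, values = [], None, 0   # spec = (op, attribute, line_no)

    def close_spec():
        if spec and spec[0] == "add" and values == 0:
            problems.append((spec[2], "add: %s has no value line" % spec[1]))

    for no, line in enumerate(ldif.splitlines(), 1):
        if not line.strip() or line[0] in "# ":   # blank, comment, folded continuation
            continue
        if line.strip() == "-":                   # end of one modification
            close_spec()
            spec, values = None, 0
            continue
        m = LINE.match(line)
        name = m.group(1).lower() if m else ""
        if spec is None and name in ("dn", "changetype"):
            continue
        if spec is None and name in MOD_OPS:
            spec, values = (name, m.group(3), no), 0
        elif spec and name == spec[1].lower():
            values += 1
            if m.group(2) == ":" and m.group(3).startswith('"'):
                problems.append((no, "quotes are literal in LDIF and become part of the value"))
        else:
            expected = spec[1] if spec else "add/delete/replace"
            problems.append((no, "unexpected line, expected '%s:'" % expected))
    close_spec()
    return problems
```

On the rejected record it reports line 4 (wrong attribute name) and line 3 (`add:` with no value), the same two complaints the browser printed; the corrected record passes.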