[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Configuring ppolicy problem



It looks like you have some conflicting arguments in your ldif, not sure if that matters.  Is this a copy and paste ldif or did you have to type it by hand?

The ones that stand out are 
pwdMaxAge: 60
pwdMaxAge: 0 - means that passwords will not expire
pwdMinLenght: 5 - misspelled



-----Original Message-----
From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of cbulist
Sent: Monday, August 27, 2012 4:30 PM
To: openldap-technical@openldap.org
Subject: Configuring ppolicy problem

Hi,

I'm trying to configure ppolicy but It's not working when I set pwdMaxAge and pwdWarning (I am able to login when my password is suppose to be expired) I tried with shadowAccount instead of PwdPolicy and It is working well.

This is my relevant setting in slapd.conf


include    /etc/openldap/schema/ppolicy.schema

moduleload    ppolicy.la

overlay    ppolicy
ppolicy_default "cn=default,ou=policies,dc=sample,dc=com"
ppolicy_use_lockout

My ldip file is:

objectClass: organizationalUnit
objectClass: top
ou: policies

dn: cn=default,ou=policies,dc=sample,dc=com
objectClass: pwdPolicy
objectClass: person
objectClass: top
cn: default
pwdAttribute: userPassword
sn: dummy
pwdAllowUserChange: TRUE
pwdCheckQuality: 2
pwdExpireWarning: 50
pwdFailureCountInternal: 30
pwdGraceAuthNLimit: 5
pwdInHistory: 5
pwdLockout: FALSE
pwdLockDuration:0
pwdMaxAge: 60
pwdMaxAge: 0
pwdMaxFailure: 5
pwdMinAge: 0
pwdMinLenght: 5
pwdMustChange: FALSE
pwdSafeModify: FALSE


dn: cn=user1,ou=policies,dc=sample,dc=com
objectClass: pwdPolicy
objectClass: person
objectClass: top
objectClass: posixAccount
objectClass: pwdPolicy
objectClass: shadowAccount
cn: user1
pwdAttribute: userPassword
gidNumber: 501
homeDirectory: /home/user1
sn: test
uid: user1
uidNumber: 501
pwdAllowUserChange: TRUE
pwdAge: 20
pwdExpireWarning: 15
userPassword: XXXXX


Thanks in advance!