
Re: Configuring ppolicy problem



Hi Andy,

Thanks for your reply.
It's not a copy and paste; it was misspelled.
As I have understood it, when you have an entry in a specific user, this
overwrites the entries in default.
In this case the entry in user1 overwrites default's entry.

Thanks!


On 08/27/2012 05:19 PM, Andy Poirier wrote:
> It looks like you have some conflicting arguments in your ldif, not sure if that matters.  Is this a copy and paste ldif or did you have to type it by hand?
>
> The ones that stand out are 
> pwdMaxAge: 60
> pwdMaxAge: 0 - means that passwords will not expire
> pwdMinLenght: 5 - misspelled
>
>
>
> -----Original Message-----
> From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of cbulist
> Sent: Monday, August 27, 2012 4:30 PM
> To: openldap-technical@openldap.org
> Subject: Configuring ppolicy problem
>
> Hi,
>
> I'm trying to configure ppolicy but it's not working when I set pwdMaxAge and pwdWarning (I am able to log in when my password is supposed to be expired). I tried with shadowAccount instead of PwdPolicy and it is working well.
>
> This is my relevant setting in slapd.conf
>
>
> include    /etc/openldap/schema/ppolicy.schema
>
> moduleload    ppolicy.la
>
> overlay    ppolicy
> ppolicy_default "cn=default,ou=policies,dc=sample,dc=com"
> ppolicy_use_lockout
>
> My LDIF file is:
>
> objectClass: organizationalUnit
> objectClass: top
> ou: policies
>
> dn: cn=default,ou=policies,dc=sample,dc=com
> objectClass: pwdPolicy
> objectClass: person
> objectClass: top
> cn: default
> pwdAttribute: userPassword
> sn: dummy
> pwdAllowUserChange: TRUE
> pwdCheckQuality: 2
> pwdExpireWarning: 50
> pwdFailureCountInternal: 30
> pwdGraceAuthNLimit: 5
> pwdInHistory: 5
> pwdLockout: FALSE
> pwdLockDuration:0
> pwdMaxAge: 60
> pwdMaxAge: 0
> pwdMaxFailure: 5
> pwdMinAge: 0
> pwdMinLenght: 5
> pwdMustChange: FALSE
> pwdSafeModify: FALSE
>
>
> dn: cn=user1,ou=policies,dc=sample,dc=com
> objectClass: pwdPolicy
> objectClass: person
> objectClass: top
> objectClass: posixAccount
> objectClass: pwdPolicy
> objectClass: shadowAccount
> cn: user1
> pwdAttribute: userPassword
> gidNumber: 501
> homeDirectory: /home/user1
> sn: test
> uid: user1
> uidNumber: 501
> pwdAllowUserChange: TRUE
> pwdAge: 20
> pwdExpireWarning: 15
> userPassword: XXXXX
>
>
> Thanks in advance!
>
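
The problems pointed out in this thread (a repeated pwdMaxAge, a value of 0, a misspelled attribute name) can be caught by checking the LDIF before it is loaded. The Python check below is an added example, not code from the thread or from OpenLDAP; the function name `lint_policies` and the simplified LDIF parsing are assumptions, and the attribute list is the pwdPolicy set from the ppolicy schema.

```python
import difflib
import re
from collections import Counter

# pwdPolicy attributes from the ppolicy schema. All except pwdAttribute
# are declared SINGLE-VALUE there.
KNOWN = ["pwdAttribute", "pwdMinAge", "pwdMaxAge", "pwdInHistory",
         "pwdCheckQuality", "pwdMinLength", "pwdExpireWarning",
         "pwdGraceAuthNLimit", "pwdLockout", "pwdLockoutDuration",
         "pwdMaxFailure", "pwdFailureCountInterval", "pwdMustChange",
         "pwdAllowUserChange", "pwdSafeModify"]
KNOWN_LOWER = {k.lower() for k in KNOWN}

def lint_policies(ldif):
    """Return (dn, attribute, problem) tuples for every pwdPolicy entry.
    Simplified LDIF reader: no folded lines, no base64 ("::") values."""
    findings = []
    for block in re.split(r"\n\s*\n", ldif.strip()):
        pairs = [(a.strip(), v.strip()) for a, sep, v in
                 (line.partition(":") for line in block.splitlines()) if sep]
        if ("objectclass", "pwdpolicy") not in {(a.lower(), v.lower()) for a, v in pairs}:
            continue
        dn = next((v for a, v in pairs if a.lower() == "dn"), "<no dn>")
        counts = Counter(a.lower() for a, _ in pairs)
        # Attribute names are case-insensitive; keep first-seen order.
        for attr in dict.fromkeys(a for a, _ in pairs if a.lower().startswith("pwd")):
            if attr.lower() not in KNOWN_LOWER:
                near = difflib.get_close_matches(attr, KNOWN, n=1)
                hint = f"; did you mean {near[0]}?" if near else ""
                findings.append((dn, attr, "not a pwdPolicy attribute" + hint))
            elif attr.lower() != "pwdattribute" and counts[attr.lower()] > 1:
                findings.append((dn, attr, "single-valued attribute given more than once"))
        if any(a.lower() == "pwdmaxage" and v == "0" for a, v in pairs):
            findings.append((dn, "pwdMaxAge", "value 0 means passwords never expire"))
    return findings

# Constructed sample: lines taken from the default policy entry posted above.
SAMPLE = """\
dn: cn=default,ou=policies,dc=sample,dc=com
objectClass: pwdPolicy
pwdAttribute: userPassword
pwdExpireWarning: 50
pwdFailureCountInternal: 30
pwdLockDuration:0
pwdMaxAge: 60
pwdMaxAge: 0
pwdMinLenght: 5
"""

if __name__ == "__main__":
    for dn, attr, problem in lint_policies(SAMPLE):
        print(f"{dn}: {attr}: {problem}")
```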