Re: OL 2.3.7 and password policy

[Samuel Tran <stran@amnh.org>]

On Mon, 2005-09-12 at 17:10 -0700, Howard Chu wrote:
> Samuel Tran wrote:
> > Hi All,
> >
> > I am testing OL 2.3.7 on a Debian Sarge box.
> > I would like to implement the password policy overlay.
> >
> > When I try to create a dn that would hold the password policy:
> >
> > stran@educ236:~$ ldapmodify -vv -x -W -D
> > "uid=stran,ou=people,dc=example,dc=com" -H ldap://localhost -f
> > passwd_cn.ldif 
> > ldap_initialize( ldap://localhost )
> > Enter LDAP Password: 
> > replace cn:
> >         password
> > replace objectClass:
> >         organizationalRole
> >         pwdPolicy
> > replace pwdattribute:
> >         userpassword
> > modifying entry "cn=password,ou=Policies,dc=example,dc=com"
> > modify complete
> > ldap_modify: Invalid syntax (21)
> >         additional info: pwdattribute: value #0 invalid per syntax
> >
> > I don't understand why I get that error message.
> >
> >   
> It looks like slapd's objectIdentifierMatch rule doesn't understand descriptions (though it is supposed to). You'll have to use the numeric OID instead, until that is fixed.
> 

Howard,

I tried using the userPassword OID instead and got another error
message:

stran@educ236:~$ ldapmodify -vv -x -W -D
"uid=stran,ou=people,dc=example,dc=com" -H ldap://localhost -f
passwd_cn.ldif 
ldap_initialize( ldap://localhost )
Enter LDAP Password: 
replace cn:
        password
replace objectClass:
        organizationalRole
        pwdPolicy
replace pwdattribute:
        2.5.4.35
modifying entry "cn=password,ou=Policies,dc=example,dc=com"
modify complete
ldap_modify: No such object (32)
        matched DN: ou=Policies,dc=example,dc=com

I filed an ITS: #4025
http://www.OpenLDAP.org/its/index.cgi?findid=4025

Thanks.
Sam