[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy - getting to work

To: <richton@nbcs.rutgers.edu>
Subject: Re: ppolicy - getting to work
From: "Prakash Velayutham" <Prakash.Velayutham@cchmc.org>
Date: Fri, 24 Nov 2006 21:19:55 -0500
Cc: openldap-software@openldap.org
Content-disposition: inline

Thanks again. Makes sense.

Now that I am locked out for SSH access, I will just ask questions of
interest without actually trying things out. For all the different
ppolicy-related things to work, I am guessing the following is the
procedure. Please correct me.

a) Editing slapd.conf and adding "include", "modulepath", "loadmodule
ppolicy.la", "overlay", "ppolicy_use_lockout", "ppolicy_default"
statements.
b) Adding necessary policy-related objects to LDAP (policy object and
standard policy sub-object). These will inherit from pwdPolicy
objectclass.
c) Adding the users that will be managed by the password policy to the
directory. Do I have to add "objectClass=pwdPolicy" attribute to all the
users that need to be managed by ppolicy and leave it out for the other
users?

I will try all these out on monday.

Prakash

>>> Aaron Richton <richton@nbcs.rutgers.edu> 11/24/06 8:06 PM >>>
Note that I build static modules, so this may need 
verification/clarification, but I'll try:

The .la files are libtool archives. If you examine them (e.g. cat(1)), 
then you'll see that they point to .so files (among other details). A 
libtool-aware application--note that slapd(8) should be one of them--can

parse the .la file, which allegedly offers advantages (mostly platform 
independence). So, following a 'make install', you should be able to 
specify in slapd.conf

> moduleload /path/to/ppolicy.la

and that should parse OK. At least, that's the way I remember it...

Then again, you should be able to moduleload the .so also. If the .la 
doesn't work out, try that.

On Fri, 24 Nov 2006, Prakash Velayutham wrote:

> Thanks Aaron. So I built openldap with:
>
> $ ./configure --with-tls=no --with-cyrus-sasl=no --enable-slurpd=no
> --enable-ipv6=no --enable-ppolicy=mod --enable-hdb=yes
--enable-modules
> --enable-bdb=no --enable-ldif=no --enable-monitor=no --enable-relay=no
> --enable-syncprov=no
>
> Why do I have a ppolicy*.so and a ppolicy*.la file in the install
> location? When do you use the ppolicy*.so?
>
> I have temporarily lost access to the system because of PAM. Will have
> access again on monday.
>
> Thanks,
> Prakash
>
>>>> Prakash Velayutham 11/24/06 5:13 PM >>>
>>>> Aaron Richton <richton@nbcs.rutgers.edu> 11/24/06 4:04 PM >>>
> configure --enable-hdb --enable-ppolicy={yes|mod} should handle it.
> "yes" will build it into slapd, "mod" will give you a module. (You can
> do
> the same for --enable-hdb.)
>
> On Fri, 24 Nov 2006, Prakash Velayutham wrote:
>
>> Hello All,
>>
>> I am trying to get ppolicy working on my openldap-2.3.29 server. I
> want
>> this setup to work with hdb backend and either static or dynamic
> ppolicy
>> module. What compile time options would be sufficient?
>>
>> Thanks,
>> Prakash
>

Prev by Date: Re: ppolicy - getting to work
Next by Date: Re: ACL using netgroups
Index(es):
- Chronological
- Thread