
WARNING: No dynamic config support for overlay ppolicy?



I've been trying to play with the ppolicy features of openldap for a few
months now, and I have been very unsuccessful.

Here is my slapd.conf file:

[root@dgovit-pap02 openldap]# cat slapd.conf
############################################################
# slapd.conf as posted. The server was built with --enable-ppolicy
# (not =mod), which should link the overlay into slapd itself, so the
# commented-out "moduleload ppolicy.la" below is not required.
############################################################
include         /usr/local/ldap/etc/openldap/schema/core.schema
include         /usr/local/ldap/etc/openldap/schema/cosine.schema
include         /usr/local/ldap/etc/openldap/schema/nis.schema
include         /usr/local/ldap/etc/openldap/schema/corba.schema
include         /usr/local/ldap/etc/openldap/schema/inetorgperson.schema
include         /usr/local/ldap/etc/openldap/schema/misc.schema
include         /usr/local/ldap/etc/openldap/schema/openldap.schema
include         /usr/local/ldap/etc/openldap/schema/ppolicy.schema
include         /usr/local/ldap/etc/openldap/schema/ttpua.schema

pidfile         /var/run/ldap/slapd.pid
argsfile        /var/run/ldap/slapd.args

# Load dynamic backend modules:
modulepath    /usr/local/ldap/libexec/openldap
# moduleload    back_bdb.la
# moduleload    back_ldap.la
# moduleload    back_ldbm.la
# moduleload    back_passwd.la
# moduleload    back_shell.la
# moduleload ppolicy.la

# NOTE(review): "overlay" is a per-database directive and must appear
# after the "database" line of the database it is meant to protect
# (slapd.conf(5), slapo-ppolicy(5)). Here it precedes "database bdb",
# so it is not attached to the bdb database that holds the user
# entries. Moving these three lines (overlay ppolicy, ppolicy_default,
# ppolicy_use_lockout) to after the "database bdb" section is the most
# likely fix for the problem described in this post.
# ppolicy_use_lockout makes the server return an explicit
# "account locked" error instead of a generic bind failure; this is an
# account-enumeration trade-off that should be a deliberate choice.
overlay ppolicy
ppolicy_default "cn=std,ou=portal,ou=policies,dc=ttpua,dc=portal"
ppolicy_use_lockout

# Global section: access rules declared before the first "database"
# directive act as the default for every database. This one makes the
# root DSE (dn="") readable by everyone, including anonymous.
access to dn="" by * read

# Hash scheme used when a password is set through the Password Modify
# extended operation.
password-hash   {SSHA}

database        bdb
suffix          "dc=ttpua,dc=portal"
rootdn          "cn=scoobydoo,dc=ttpua,dc=portal"


# NOTE(review): this rootpw hash has been posted to a public mailing
# list; treat that credential as compromised and rotate it. Keep rootpw
# out of shared config dumps (or drop rootpw and give the rootdn an
# entry in the directory with its own userPassword instead).
rootpw {SSHA}hPdD1ypslgiUX6ANvpBoQRdJ7rAK9ab2

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.

directory       /usr/local/ldap/var/openldap-data

# indexing
index default eq

# basic use
index objectClass,uid,dc,o,ou

# references
index member,owner,seeAlso

# mail
index mail

# names
index cn,sn,givenName,displayName eq,sub




# Per-database ACLs for bdb. Evaluation stops at the first "access to"
# clause whose target matches, so these must stay ahead of the
# catch-all "access to * by * read" below. Users may change their own
# password (ppolicy checks apply to that write once the overlay is on
# this database), anonymous may only use it to bind, everyone else gets
# nothing.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

access to attrs=shadowLastChange
        by self write
        by * auth

# Everything else in the suffix is world-readable, including anonymous.
access to * by * read

# 255 = trace|packets|args|conns|BER|filter|config|ACL: very verbose
# debugging output, useful while diagnosing this issue but too noisy
# (and too revealing) for a production server. Note it does not include
# stats (256), which is the usual production level.
loglevel 255

# cn=monitor backend. No ACLs are declared for it here, so access
# falls back to the global/default rules; confirm who can read
# cn=monitor before exposing this server.
database monitor


EOF

I compiled openldap-2.3.32 as follows: 

# NOTE(review): as pasted, "--enable-modules--enable-ldbm=mod" is
# missing the space between the two options; confirm the command that
# was actually run. "--enable-ppolicy" (without =mod) should link the
# overlay into slapd statically, so no moduleload line is needed for it.
./configure --with-threads=posix --with-tls=openssl --enable-dynamic
--with-cyrus-sasl --enable-modules--enable-ldbm=mod --enable-crypt
--enable-lmpasswd --enable-ldap=mod --enable-meta=mod --enable-rewrite
--enable-null=mod --enable-monitor=mod --enable-accesslog
--enable-denyop --enable-dyngroup --enable-dynlist --enable-lastmod
--enable-ppolicy --enable-proxycache --enable-refint --enable-retcode
--enable-rwm --enable-syncprov --enable-translucent --enable-unique
--enable-valsort --enable-aci --enable-bdb=mod --enable-hdb=mod
--enable-ldbm-api=berkeley --enable-spasswd --enable-wrappers
--prefix=/usr/local/ldap

Can someone help me out here? I'm not sure what I'm doing wrong. I've
followed every example I can find on the net, but it's still not working
out for me. 

TIA,

Errol Neal