[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: pesky ppolicy problems

--On Monday, January 22, 2007 1:08 PM -0500 "Metcalf, Roger" <roger.metcalf@acs-inc.com> wrote:

I am trying to use the ppolicy overlay.  I've searched, read and
experimented and can't get it to work.
I've read other similar postings with similar problems but haven't found
the one with the answer.

My OpenLDAP knowledge is intermediate.

I download 2.3.27, then build it:

Why 2.3.27? 2.3.32 is the current stable release.

Plus there have been fixes since 2.3.27:

OpenLDAP 2.3.30 Release (2006/11/14)
	Fixed slapo-ppolicy external quality check (ITS#4741)

OpenLDAP 2.3.29 Release (2006/11/10) Fixed slapo-ppolicy leaks (ITS#4665)

OpenLDAP 2.3.28 Release (2006/10/21)
	Fixed slapo-ppolicy pwdChangedTime behavior (ITS#4692)

As for your questions:


1) Where is ppolicy.la located?

Well, if its a dynamic module, then in $lib/openldap:

ldap00:/usr/local/lib/openldap> ls -l ppol*
lrwxrwxrwx 1 root root 21 Nov 13 22:38 ppolicy-2.3.so.0 -> ppolicy-2.3.so.0.2.16*
-rwxr-xr-x 1 root root 102169 Nov 8 21:49 ppolicy-2.3.so.0.2.16*
-rwxr-xr-x 1 root root 909 Nov 8 21:49 ppolicy.la*
lrwxrwxrwx 1 root root 21 Nov 13 22:38 ppolicy.so -> ppolicy-2.3.so.0.2.16*

2) Does it need to be loaded?

Yes, if it is a dynamic module.

3) Where is the path to it specified?

Via the "modulepath" directive in slapd.conf:

# Load dynamic backend modules:
modulepath      /usr/local/lib/openldap
moduleload      back_hdb.la
moduleload      back_monitor.la

4) When are moduleload specs needed?

Not sure what you mean here.

5) Are env variables needed to find ppolicy.la?


6) What's the secret?

Reading the man pages and other documentation.

7) When will the book be published?

Howard is currently working on writing it.


Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html