
Password Policy pwdHistory not being checked?



Version: 2.3.39

I am working with the policy overlay and ran into a little issue with the
password history. I have pwdInHistory set to 3 in the password policy dn.
When I change the password, the pwdHistory is updated, but the policy
doesn't seem to be enforced (as I can keep reusing any of the three
passwords). In the logs, I see the following:

Feb  8 15:59:11 dirdev1 slapd[3947]: => bdb_entry_get: ndn: "cn=default
password policy,ou=config,dc=moody,dc=edu"
Feb  8 15:59:11 dirdev1 slapd[3947]: => bdb_entry_get: oc: "(null)", at:
"(null)"
Feb  8 15:59:11 dirdev1 slapd[3947]: bdb_dn2entry("cn=default password
policy,ou=config,dc=moody,dc=edu")
Feb  8 15:59:11 dirdev1 slapd[3947]: =>
bdb_dn2id("ou=config,dc=moody,dc=edu")
Feb  8 15:59:11 dirdev1 slapd[3947]: <= bdb_dn2id: got id=0x00000004
Feb  8 15:59:11 dirdev1 slapd[3947]: => bdb_dn2id("cn=default password
policy,ou=config,dc=moody,dc=edu")
Feb  8 15:59:11 dirdev1 slapd[3947]: <= bdb_dn2id: got id=0x00000014
Feb  8 15:59:11 dirdev1 slapd[3947]: entry_decode: "cn=Default Password
Policy,ou=config,dc=moody,dc=edu"
Feb  8 15:59:11 dirdev1 slapd[3947]: <= entry_decode(cn=Default Password
Policy,ou=config,dc=moody,dc=edu)
Feb  8 15:59:11 dirdev1 slapd[3947]: => bdb_entry_get: found entry:
"cn=default password policy,ou=config,dc=moody,dc=edu"
Feb  8 15:59:11 dirdev1 slapd[3947]: bdb_entry_get: rc=0

And then it happily changes the user's password.

--- slapd.conf ---
[removed stuff]

# Load dynamic backend modules:
modulepath      /opt/BENTEST/libexec/openldap
moduleload      back_bdb.la
moduleload      ppolicy.la
[removed stuff]

database        bdb
suffix          "dc=moody,dc=edu"
rootdn          "cn=Directory Manager,dc=moody,dc=edu"
rootpw          fall
directory       /opt/BENTEST/var/openldap-data/dc=moody,dc=edu

# password policy
overlay ppolicy
ppolicy_default "cn=Default Password Policy,ou=config,dc=moody,dc=edu"
ppolicy_use_lockout
---------
What am I missing?


---
Benji Spencer
System Administrator
Ph: 312-329-2288
