[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy: invalid value for attributeType pwAttribute -- for "userPassword"

Dieter Kluenter wrote:

Chris Shenton<chris.shenton@nasa.gov>  writes:

On Feb 23, 2008, at 3:11 AM, Dieter Kluenter wrote:

Chris Shenton<chris.shenton@nasa.gov>  writes:

I'm running 2.3.39 and using ppolicy to enforce our password
policy. Got an LDIF file:
pwdAttribute: userPassword
pwdAttribute value should contain the OID of attribute type
which is
Thanks, that got me going.  I could swear I used "userPassword" in a
previous version of OpenLDAP.

Yes. That is intended to work; the ppolicy overlay installs a handler to map attribute names to their OIDs so that the main slapd code will recognize them.

Perhaps the docs and LDIF file should mention that you need to use the
OID rather than the name?
Both the man page for slapo-ppolicy and draft-behera-ldap-password-
policy-xx.txt say "userPassword".

The only reference I have at hand right now is my own documentation, but I could swear that the original information had been in some documentation, either man slapo-ppolicy, draft-behera-ldap-password-policy or in ppolicy.c. But someone with more detailed inside knowledge may comment on this issue and clarify.

-- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/