[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy



On Freitag, 11. April 2008, Rick Stevens wrote:
> Howard Chu wrote:
> > Chris G. Sellers wrote:
> >> Rick,
> >>
> >> try
> >>
> >> ldapsearch -{normal stuff here}  cn=<value>  '*' '+'
> >>
> >> And then man ldapsearch and read the 'operational' section of the
> >> manpage (near the top)
> >>
> >> On Apr 10, 2008, at 6:35 AM, Gavin Henry wrote:
> >>> Rick Stevens wrote:
> >>>> I've got a question regarding the ppolicy overlay.  I've read
> >>>> the docs I
> >>>> can find for it on the web, but there's a couple of holes in
> >>>> them and in
> >>>> my knowledge.
> >>>> I've got the config set up (schema, module load, external check
> >>>> library)
> >>>> and such.  I've got the default policy DN in the database and
> >>>> such. From slapd.conf:
> >>>> overlay ppolicy
> >>>>         ppolicy_default \
> >>>>     "cn=DefaultPassword,ou=Policies,dc=billing,dc=com"
> >>>>         ppolicy_use_lockout
> >>>>         ppolicy_hash_cleartext
> >
> > If the above extract from slapd.conf was quoted exactly, then it is
> > wrong. Read the slapd.conf(5) manpage.
>
> The "ppolicy_default" stuff is on one line.  I reformatted it for my
> mail client.
The indentation is the problem. The slapd.conf(5) manpage states this:

 "If  a  line begins with white space, it is considered a continuation 
  of the previous line."

All the ppolicy statements have to be on separate lines as they are 
separate config options.

-- 
Ralf