
Re: ppolicy



Rick Stevens wrote:
Ralf Haferkamp wrote:
On Freitag, 11. April 2008, Rick Stevens wrote:
Howard Chu wrote:
Chris G. Sellers wrote:
Rick,

try

ldapsearch -{normal stuff here}  cn=<value>  '*' '+'

And then man ldapsearch and read the 'operational' section of the
manpage (near the top)

On Apr 10, 2008, at 6:35 AM, Gavin Henry wrote:
Rick Stevens wrote:
I've got a question regarding the ppolicy overlay.  I've read the docs I can find for it on the web, but there's a couple of holes in them and in my knowledge.
I've got the config set up (schema, module load, external check library) and such.  I've got the default policy DN in the database and such. From slapd.conf:
overlay ppolicy
        ppolicy_default \
    "cn=DefaultPassword,ou=Policies,dc=billing,dc=com"
        ppolicy_use_lockout
        ppolicy_hash_cleartext
If the above extract from slapd.conf was quoted exactly, then it is
wrong. Read the slapd.conf(5) manpage.
The "ppolicy_default" stuff is on one line.  I reformatted it for my
mail client.
The indentation is the problem. The slapd.conf(5) manpage states this:

"If a line begins with white space, it is considered a continuation of the previous line."

All the ppolicy statements have to be on separate lines as they are separate config options.

Oh. The example code showed indentations, I believe. I'll reformat and give it a whirl.

I really do appreciate the help. I'll keep the list posted.

As I promised, here's an update:

It was indeed the syntax of the slapd.conf.  The indentations were the
culprit.  I'm a bit surprised that neither the slapd parser nor slaptest
caught it.  Ah, well.

The inability to specify the pwdCheckModule attribute for the policy
also caused me grief until I realized that I had to include
"objectClass: pwdPolicyChecker" in my policies.  I don't recall seeing
that in my Google searches, but I'm a bit punch drunk from this whole
thing.

Just wanted to extend my immense gratitude for all the help I've received
on the list.  As they'd say in 1920's Chicago, "Youse mugs is great!"
----------------------------------------------------------------------
- Rick Stevens, Unix Geek                          rps2@socal.rr.com -
-                                                                    -
-            I'm afraid my karma just ran over your dogma            -
----------------------------------------------------------------------
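
The failure diagnosed in this thread (indented ppolicy lines folded into the "overlay" line, with no complaint from slapd or slaptest) can be caught before deployment. The following lint is an added example, not part of any poster's message and not OpenLDAP code; it applies the continuation rule quoted from slapd.conf(5) and flags continuation lines that begin with a directive name. The DIRECTIVES set and the function names are assumptions of the example, and the BROKEN sample is constructed from the excerpt quoted above.

```python
# Added example: find slapd.conf directives swallowed by line continuation.
# DIRECTIVES is an assumption of this example, not an exhaustive list; the
# ppolicy_* names are the ones that appear in the thread.
DIRECTIVES = {"overlay", "database", "suffix", "rootdn", "moduleload",
              "include", "ppolicy_default", "ppolicy_use_lockout",
              "ppolicy_hash_cleartext"}

def logical_lines(text):
    """Group physical lines per slapd.conf(5): a line that begins with
    white space continues the previous line. Blank lines and comment
    lines are skipped (comment handling is simplified here)."""
    groups = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and groups:
            groups[-1].append((lineno, raw.strip()))
        else:
            groups.append([(lineno, raw.strip())])
    return groups

def swallowed_directives(text):
    """Return (lineno, directive, parent) for every continuation line whose
    first word is itself a directive name, i.e. an option that will be read
    as an argument of `parent` instead of taking effect on its own."""
    findings = []
    for group in logical_lines(text):
        parent = group[0][1].split()[0]
        for lineno, body in group[1:]:
            word = body.split()[0]
            if word in DIRECTIVES or word.startswith("ppolicy_"):
                findings.append((lineno, word, parent))
    return findings

# Constructed sample: the indented layout from the thread.
BROKEN = """overlay ppolicy
        ppolicy_default \\
    "cn=DefaultPassword,ou=Policies,dc=billing,dc=com"
        ppolicy_use_lockout
        ppolicy_hash_cleartext
"""
# Same options, each starting in column one as a separate directive.
FIXED = """overlay ppolicy
ppolicy_default "cn=DefaultPassword,ou=Policies,dc=billing,dc=com"
ppolicy_use_lockout
ppolicy_hash_cleartext
"""

if __name__ == "__main__":
    for lineno, word, parent in swallowed_directives(BROKEN):
        print(f"line {lineno}: '{word}' is read as part of '{parent}'")
```

A finding for ppolicy_use_lockout is worth treating as a failed check, since it means the lockout option was written in the file but not parsed as its own directive.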