How to implement pwdPolicy



I am very new to OpenLDAP. I can run slapd and add and edit new entries. Now I want to implement pwdPolicy. I tried it several times. I would like to describe what I did.


  1. Run slapd without modifying anything.
  2. Create an ou=policies. Script as follows:

dn: ou=policies,dc=my-domain,dc=com
objectClass: organizationalUnit
objectClass: top
ou: policies

  3. Write ppolicy.schema.
  4. Include ppolicy.schema, but the overlay is not added. Run slapd again. In core.schema the attributetype userPassword is commented out.
  5. Now I want to create policy.ldif. Script:

dn: cn=default,ou=policies,dc=my-domain,dc=com
cn: default
objectClass: pwdPolicy
objectClass: person
objectClass: top
pwdAllowUserChange: TRUE
pwdAttribute: userPassword
pwdCheckQuality: 2
pwdExpireWarning: 600
pwdFailureCountInterval: 30
pwdGraceAuthNLimit: 5
pwdInHistory: 5
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdMaxAge: 0
pwdMaxFailure: 5
pwdMinAge: 0
pwdMinLength: 5
pwdMustChange: FALSE
pwdSafeModify: FALSE
#sn: 'dummy value' objectClass: organizationalUnit


It gives an error "Invalid syntax (21) pwdAttribute: value #0 invalid per syntax". Why does it give such an error? My assumption is that the ppolicy.schema attribute is not created successfully. Another point: in core.schema the attributeType userPassword is commented out. If I uncomment it, slapd -d 1 gives a duplicate attribute type. Please give a solution.


Now my questions are:

a.       How can I be sure that my ppolicy.schema is created? I don't have any ppolicy.la.

b.       What does ppolicy.la do?
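As an added reference example (not part of the original post, and not the poster's own configuration), the following shows the pieces a slapd.conf-style OpenLDAP 2.3/2.4 setup needs for the password policy overlay, in the order slapd expects them, together with a policy entry that satisfies the schema. The paths under /etc/openldap, /usr/lib/openldap and /var/lib/ldap, the bdb backend, and the rootdn are assumptions for this example; the directive names are those documented in slapd.conf(5) and slapo-ppolicy(5).

```conf
# --- slapd.conf (fragment) ---
# Schema files. ppolicy.schema ships with OpenLDAP 2.3/2.4. userPassword is
# left commented out in core.schema on purpose: slapd defines it internally,
# which is why uncommenting it produces a duplicate attribute type.
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/ppolicy.schema

# ppolicy.la is the dynamically loadable overlay module. It only exists when
# slapd was built with --enable-modules; with a static build the overlay is
# compiled in and these two lines are omitted. The modulepath is an assumption.
modulepath      /usr/lib/openldap
moduleload      ppolicy.la

database        bdb
suffix          "dc=my-domain,dc=com"
rootdn          "cn=Manager,dc=my-domain,dc=com"
# Use the hashed output of slappasswd here, never a cleartext password.
rootpw          {SSHA}<output of slappasswd>
directory       /var/lib/ldap

# The overlay directive must come after the database it applies to.
overlay         ppolicy
ppolicy_default "cn=default,ou=policies,dc=my-domain,dc=com"
ppolicy_use_lockout

# --- policy.ldif ---
# pwdPolicy is an AUXILIARY class, so the entry needs a structural class.
# person requires both cn and sn, hence the sn value.
dn: cn=default,ou=policies,dc=my-domain,dc=com
objectClass: top
objectClass: person
objectClass: pwdPolicy
cn: default
sn: default
pwdAttribute: userPassword
pwdAllowUserChange: TRUE
pwdCheckQuality: 2
pwdExpireWarning: 600
pwdFailureCountInterval: 30
pwdGraceAuthNLimit: 5
pwdInHistory: 5
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdMaxAge: 0
pwdMaxFailure: 5
pwdMinAge: 0
pwdMinLength: 5
pwdMustChange: FALSE
pwdSafeModify: FALSE
```

Two checks are worth running before loading any entries. `slaptest -f /etc/openldap/slapd.conf` parses the configuration, including every included schema file, and reports the line of any attribute or object class it cannot resolve, so it answers whether ppolicy.schema is actually being read. Once slapd is up, `ldapsearch -x -H ldap://localhost -b cn=Subschema -s base '(objectClass=subschema)' attributeTypes` lists the attribute types the server knows; if pwdAttribute and pwdPolicy do not appear there, the schema was not loaded and any LDIF using them will be rejected.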