
RE: how implement pwdpolicy

Hi all,

I already solved it myself. Thank you all for the help. I simply wrote the OID instead of userPassword in the LDIF file.

From: openldap-software-bounces+rs=pyxisnet.com@OpenLDAP.org [mailto:openldap-software-bounces+rs=pyxisnet.com@OpenLDAP.org] On Behalf Of Rahima Shaheen
Sent: Tuesday, April 28, 2009 12:45 PM
To: openldap-software@openldap.org
Subject: how implement pwdpolicy




I am very new to OpenLDAP. I can run slapd and add and edit new entries. Now I want to implement pwdpolicy. I tried it several times. I would like to describe what I did.


  1. Run slapd without modifying anything.
  2. Create an ou=policies. Script as follows:

dn: ou=policies,dc=my-domain,dc=com
objectClass: organizationalUnit
objectClass: top
ou: policies

  3. Write policy.schema.
  4. Include policy.schema, but the overlay is not added. Run slapd again. In core.schema, the attributetype userPassword was commented out.
  5. Now I want to create policy.ldif. Script:

dn: cn=default,ou=policies,dc=my-domain,dc=com
cn: default
objectClass: pwdPolicy
objectClass: person
objectClass: top
pwdAllowUserChange: TRUE
pwdAttribute: userPassword
pwdCheckQuality: 2
pwdExpireWarning: 600
pwdFailureCountInterval: 30
pwdGraceAuthNLimit: 5
pwdInHistory: 5
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdMaxAge: 0
pwdMaxFailure: 5
pwdMinAge: 0
pwdMinLength: 5
pwdMustChange: FALSE
pwdSafeModify: FALSE
#sn: 'dummy value' objectClass: organizationalUnit


It gives the error “Invalid syntax (21) pwdAttribute: value #0 invalid per syntax”. Why does it give such an error? My assumption is that the ppolicy.schema attribute is not created successfully. Another point: in core.schema, the attributeType userPassword is commented out. If I uncomment it, slapd -d 1 gives a duplicate attribute type error. Please give a solution.


Now my questions are:

a. How can I be sure that my PPolicy.schema is created? I don’t have any ppolicy.la.

b. What does policy.la do?
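
An added example, not part of the original thread: a pre-flight check for a policy entry that flags the pwdAttribute name form the poster replaced with the OID, and the `sn` that `person` requires but the posted entry has commented out. The function names and the trimmed sample entry are constructed here; it assumes, as the poster reported, that the server accepts the numeric OID where it rejected the name.

```python
import re

# Constructed sample: the policy entry from the post, trimmed, blank lines removed.
POSTED_LDIF = """\
dn: cn=default,ou=policies,dc=my-domain,dc=com
cn: default
objectClass: pwdPolicy
objectClass: person
objectClass: top
pwdAttribute: userPassword
pwdMinLength: 5
#sn: 'dummy value'
"""

# Attribute name -> numeric OID (userPassword is 2.5.4.35 in RFC 4519).
KNOWN_OIDS = {"userpassword": "2.5.4.35"}
# MUST attributes per object class (person: RFC 4519; pwdPolicy: ppolicy schema).
REQUIRED = {"person": {"sn", "cn"}, "pwdpolicy": {"pwdattribute"}}
NUMERIC_OID = re.compile(r"^\d+(\.\d+)+$")


def parse_entry(ldif):
    """Parse one entry of plain 'attr: value' lines into {lowercased attr: [values]}."""
    entry = {}
    for line in ldif.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # blank lines and LDIF comments carry no attributes
        name, _, value = line.partition(":")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry


def lint_policy(ldif):
    """Return findings for a pwdPolicy entry before it is passed to ldapadd."""
    entry, findings = parse_entry(ldif), []
    for value in entry.get("pwdattribute", []):
        if not NUMERIC_OID.match(value):
            oid = KNOWN_OIDS.get(value.lower(), "<numeric OID>")
            findings.append(f"pwdAttribute: '{value}' is a name; write {oid}")
    for oc in entry.get("objectclass", []):
        for attr in sorted(REQUIRED.get(oc.lower(), set()) - set(entry)):
            findings.append(f"objectClass {oc} requires '{attr}'")
    return findings


if __name__ == "__main__":
    for finding in lint_policy(POSTED_LDIF):
        print(finding)
```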