I read the entry in Chapter 6 http://www.zytrax.com/books/ldap/ch6/ppolicy.html#examples regarding setting the Password Policy Control. I have installed OpenLDAP through Cygwin. OpenLDAP is version 2.3.43. I created my db and included the Password Policy control schema, but I am getting the following error when I try to load my default and user policies:

$ ldapadd -H ldap://localhost:666 -x -D "cn=Manager,dc=zes_example,dc=com" -w secret -f /etc/openldap/data/ppolicy.ldif
adding new entry "ou=pwdpolicies,dc=zes_example,dc=com"
adding new entry "cn=default,ou=pwdpolicies,dc=zes_example,dc=com"
ldapadd: Object class violation (65)
        additional info: no structural object class provided

Any idea why I am getting this error? Am I missing an objectClass in the policy definition? Do I need to add the password policy (ldif file) before I give the directive in slapd.conf? Any help is appreciated.

The output from the server is:

<= index_entry_add( 12, "ou=pwdpolicies,dc=zes_example,dc=com" ) success
=> entry_encode(0x0000000c): ou=pwdpolicies,dc=zes_example,dc=com
bdb_add: added id=0000000c dn="ou=pwdpolicies,dc=zes_example,dc=com"
send_ldap_result: conn=7 op=1 p=3
send_ldap_response: msgid=2 tag=105 err=0
ber_flush: 14 bytes to sd 9
connection_get(9): got connid=7
connection_read(9): checking for input on id=7
ber_get_next
ber_get_next: tag 0x30 len 369 contents:
ber_get_next
do_add
ber_scanf fmt ({m) ber:
>>> dnPrettyNormal: <cn=default,ou=pwdpolicies,dc=zes_example,dc=com>
<<< dnPrettyNormal: <cn=default,ou=pwdpolicies,dc=zes_example,dc=com>, <cn=default,ou=pwdpolicies,dc=zes_example,dc=com>
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt (}) ber:
bdb_dn2entry("cn=default,ou=pwdpolicies,dc=zes_example,dc=com")
=> bdb_dn2id("cn=default,ou=pwdpolicies,dc=zes_example,dc=com")
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)
bdb_referrals: op=104 target="cn=default,ou=pwdpolicies,dc=zes_example,dc=com" matched="ou=pwdpolicies,dc=zes_example,dc=com"
bdb_add: entry failed op attrs add: no structural object class provided (65)
send_ldap_result: conn=7 op=2 p=3
send_ldap_response: msgid=3 tag=105 err=65
ber_flush: 49 bytes to sd 9
connection_get(9): got connid=7
connection_read(9): checking for input on id=7
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
ber_get_next
do_unbind
ber_get_next on fd 9 failed errno=0 (No error)
connection_closing: readying conn=7 sd=9 for close
connection_close: deferring conn=7 sd=9
connection_resched: attempting closing conn=7 sd=9
connection_close: conn=7 sd=9

The policy.ldif:

dn: ou=pwdpolicies,dc=zes_example,dc=com
ou: pwdpolicies
description: All password Policies
objectClass: organizationalUnit

# Default Password Policy
dn: cn=default,ou=pwdpolicies,dc=zes_example,dc=com
objectClass: pwdPolicy
cn: default
pwdAllowUserChange: TRUE
pwdExpireWarning: 259200
pwdFailureCountInterval: 100
pwdGraceAuthNLimit: 0
pwdInHistory: 3
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdMaxFailure: 5
pwdMaxAge: 77760000
pwdMinLength: 6

#
# Short-lived Password Policy (to be used for testing purposes - 1-day pwd live)
#
dn: cn=short_lived,ou=pwdpolicies,dc=example,dc=com
objectClass: pwdPolicy
cn: short_lived
pwdMaxAge: 86400
pwdInHistory: 3
pwdMaxFailure: 5
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdGraceAuthNLimit: 0
pwdFailureCountInterval: 0
pwdMinLength: 6
pwdAllowUserChange: TRUE

The commands in my slapd.conf are:

…
include /etc/openldap/schema/ppolicy.schema
…
(not sure if I need the next line)
loadmodule ppolicy.la
# invokes password policies for this DIT only
overlay ppolicy
# Default ppolicy
ppolicy_default "cn=default,ou=pwdpolicies,dc=zes_example,dc=com"
# Some ppolicy directives
ppolicy_use_lockout
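Added example, not from the original post: in OpenLDAP's ppolicy.schema, pwdPolicy is an AUXILIARY object class with pwdAttribute as a MUST attribute, so a policy entry also needs a STRUCTURAL class (the zytrax page pairs it with device), which is what result 65 "no structural object class provided" is reporting. This Python script checks LDIF entries for a structural class before they reach ldapadd and produces the corrected entry; the class-kind table is assumed from core.schema and ppolicy.schema, and the LDIF input is a constructed cut-down copy of the failing entries.

```python
# Added example (not the poster's code). Class kinds assumed from OpenLDAP's core.schema and
# ppolicy.schema: pwdPolicy is AUXILIARY, so an entry with only pwdPolicy gets result 65.
CLASS_KIND = {
    "organizationalUnit": "STRUCTURAL",
    "device": "STRUCTURAL",  # structural class the zytrax example pairs with pwdPolicy
    "pwdPolicy": "AUXILIARY",
}

# Constructed input: cut-down copy of the two entries from the failing ppolicy.ldif.
LDIF = """\
dn: ou=pwdpolicies,dc=zes_example,dc=com
objectClass: organizationalUnit

# Default Password Policy
dn: cn=default,ou=pwdpolicies,dc=zes_example,dc=com
objectClass: pwdPolicy
cn: default
"""

def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated entries, '#' comments skipped, no base64/folding."""
    entries, cur = [], {}
    for line in text.splitlines():
        if line.startswith("#"):
            continue
        if not line.strip():
            if cur:
                entries.append(cur)
                cur = {}
            continue
        key, _, value = line.partition(":")
        cur.setdefault(key.strip(), []).append(value.strip())
    if cur:
        entries.append(cur)
    return entries

def missing_structural(entry):
    """True when none of the entry's objectClass values is a STRUCTURAL class."""
    return not any(CLASS_KIND.get(oc) == "STRUCTURAL" for oc in entry.get("objectClass", []))

def fix_policy_entry(entry, structural="device"):
    """Copy with a structural class added, plus pwdAttribute (MUST in ppolicy.schema)."""
    fixed = {k: list(v) for k, v in entry.items()}
    if missing_structural(fixed):
        fixed["objectClass"].insert(0, structural)
    fixed.setdefault("pwdAttribute", ["userPassword"])
    return fixed

def to_ldif(entry):  # serialise one entry back to LDIF text for ldapadd
    return "\n".join(f"{k}: {v}" for k, vs in entry.items() for v in vs) + "\n"
```

Running missing_structural over the parsed entries flags only cn=default, and fix_policy_entry returns it with objectClass: device and pwdAttribute: userPassword prepended, which is the shape slapd accepts.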