
Check password module/ppolicy problem on Solaris 10 (2.4.21 OL sources) server



Hello everyone!,

I am trying to get my Solaris 10 OpenLDAP 2.4.21 server to use my check_password.so module through the ppolicy overlay.  When I try to change a user's
password from a Linux client, I get the following error message.

passwd ldapuser
Changing password for ldapuser.
Enter login(LDAP) password:
New Password:
Reenter New Password:
LDAP password information update failed: Constraint violation
Password fails quality checking policy
passwd: Permission denied


Within my logs, I do not see any error messages from my check_password.so
module.  I created the directory /opt/openldap/etc/openldap/modules,
placed my module in that directory, and added the modulepath to my
slapd.conf.

Is there something I missed?  Is this a PAM thing?  I know this setup works on an OpenSUSE 11.2 OpenLDAP server.  Help.

I included part of my slapd.conf, openldap configure, check_password.c source, makefile and ldd of my check_password.so. 

Thanks!!!!

Jose Torres


openldap configure
******************

# Configure OpenLDAP for installation under /opt/openldap, built with the
# Solaris-bundled gcc. The options enable TLS, SASL and crypt(3) password
# verification, the ppolicy overlay, and run-time loading of modules (which
# an external password checker such as check_password.so depends on).
CC=/usr/sfw/bin/gcc CPPFLAGS=-I/opt/openldap/include \
LDFLAGS="-L/opt/openldap/lib -R/opt/openldap/lib" \
./configure --prefix=/opt/openldap --with-tls \
--enable-spasswd --enable-crypt --with-gnu-ld \
--enable-ppolicy --enable-modules --enable-dynamic


slapd.conf:
**********

# Schema that defines the password-policy object classes and attributes
# used by the ppolicy overlay.
include         /opt/openldap/etc/openldap/schema/ppolicy.schema

# Add password policies.
# modulepath is the directory searched for loadable modules. slapd runs the
# code it loads from here, so the directory and its contents should be
# writable only by the account that administers slapd.
modulepath /opt/openldap/etc/openldap/modules
overlay ppolicy
# DN of the policy entry applied when a user entry names no policy of its own.
# NOTE(review): the policy entry itself is not shown here. An external checker
# is presumably consulted only if that entry names it (pwdCheckModule) and
# turns quality checking on (pwdCheckQuality) - confirm both are set.
ppolicy_default "cn=default,ou=policies,dc=caci,dc=ymp,dc=com"
# Return the AccountLocked error code to a client that binds to a locked
# account. This tells the client that the account exists and is locked, so
# enable it only where that disclosure is acceptable.
ppolicy_use_lockout

I also tried ppolicy_clear_txt, but I still have the same problem.

check_password.c:
****************

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include "portable.h"
#include "slap.h"

/* Module initialisation hook: there is nothing to set up, so it always
 * reports success (0). */
int init_module()
{
    const int status = 0;

    return status;
}

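/*
 * check_password - password-quality hook for the ppolicy overlay.
 *
 * Rejects a candidate password that contains a space, or that lacks at
 * least one special character, one digit, or one capital letter.
 *
 * pPasswd   candidate password, a NUL-terminated string
 * ppErrStr  on rejection receives a malloc()ed explanation, or NULL if the
 *           allocation failed (presumably released by the caller - confirm
 *           against the ppolicy version in use); may itself be NULL
 * pEntry    entry whose password is being changed; not examined here
 *
 * Returns 0 when the password is accepted and 1 when it is rejected.
 * When several rules fail, the message of the last failing rule is reported.
 */
int check_password(char *pPasswd, char **ppErrStr, Entry *pEntry)
{
   static const char special[] = "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~";
   static const char number[] = "1234567890";
   static const char CAPS[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
   const char *reason = NULL;

   (void)pEntry;

   if (pPasswd == NULL)
   {
      /* Nothing to inspect: fail closed rather than dereference NULL. */
      reason = "******** CHECKPW: No password supplied! ********";
   }
   else
   {
      /*
       * strchr/strpbrk scan the password in place, so no copy of the
       * cleartext is made and nothing has to be freed afterwards. They also
       * cope with a password made up entirely of characters from one class.
       */
      if (strchr(pPasswd, ' ') != NULL)
      {
         reason = "******** CHECKPW: Password contains SPACES! ********";
      }

      if (strpbrk(pPasswd, special) == NULL)
      {
         reason = "******** CHECKPW: Password does not contain any special characters! ********";
      }

      if (strpbrk(pPasswd, number) == NULL)
      {
         reason = "******** CHECKPW: Password does not contain any numbers! ********";
      }

      /* The capital-letter rule must scan CAPS, not the digit set. */
      if (strpbrk(pPasswd, CAPS) == NULL)
      {
         reason = "******** CHECKPW: Password does not contain any CAPITAL LETTERS! ********";
      }
   }

   if (reason == NULL)
   {
      return 0;
   }

   if (ppErrStr != NULL)
   {
      /* Hand back a heap copy; the messages never contain the password. */
      size_t len = strlen(reason) + 1;
      char *message = malloc(len);

      if (message != NULL)
      {
         memcpy(message, reason, len);
      }
      *ppErrStr = message;
   }
   return 1;
}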

Makefile:
*********

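# Builds check_password.so, the password-quality module.
# Recipe lines must begin with a tab character.

# Link the shared object; -L points at the libraries under /opt/openldap.
check_password.so: check_password.o
	gcc -L/opt/openldap/lib -lldap -shared -o check_password.so check_password.o

# Compile position-independent code for the shared object. ../../include and .
# are presumably where portable.h and slap.h are found in the OpenLDAP tree.
check_password.o: check_password.c
	gcc -fpic -I../../include -I. -c check_password.c

# -f keeps "make clean" from failing when the files are already gone.
clean:
	rm -f check_password.so check_password.o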


It seems to find the right libraries.

$ ldd modules/check_password.so
        libldap-2.4.so.2 =>      /opt/openldap/lib/libldap-2.4.so.2
        libgcc_s.so.1 =>         /usr/sfw/lib/libgcc_s.so.1
        liblber-2.4.so.2 =>      /opt/openldap/lib/liblber-2.4.so.2
        libresolv.so.2 =>        /usr/lib/libresolv.so.2
        libgen.so.1 =>   /usr/lib/libgen.so.1
        libnsl.so.1 =>   /usr/lib/libnsl.so.1
        libsocket.so.1 =>        /usr/lib/libsocket.so.1
        libsasl.so.1 =>  /usr/lib/libsasl.so.1
        libssl.so.0.9.7 =>       /usr/sfw/lib/libssl.so.0.9.7
        libcrypto.so.0.9.7 =>    /usr/sfw/lib/libcrypto.so.0.9.7
        libc.so.1 =>     /usr/lib/libc.so.1
        libmp.so.2 =>    /usr/lib/libmp.so.2
        libmd.so.1 =>    /usr/lib/libmd.so.1
        libscf.so.1 =>   /usr/lib/libscf.so.1
        libdoor.so.1 =>  /usr/lib/libdoor.so.1
        libuutil.so.1 =>         /usr/lib/libuutil.so.1
        libssl_extra.so.0.9.7 =>         /usr/sfw/lib/libssl_extra.so.0.9.7
        libcrypto_extra.so.0.9.7 =>      /usr/sfw/lib/libcrypto_extra.so.0.9.7
        libm.so.2 =>     /usr/lib/libm.so.2