[Date Prev][Date Next] [Chronological] [Thread] [Top]

ppolicy overlay doesn't apply


I am trying to use the ppolicy overlay with openldap, version 2.4.20, installed on a SLES 11 SP1 x64, as a package. I have made the following settings in the openldap.conf:
- included the ppolicy.schema
- overlay ppolicy
- ppolicy_default "cn=pwd,ou=Policies,o=...."

I saw that a"'moduleload  ppolicy.la" is also required, but I cannot find the library in /usr/lib/openldap/modules (which is empty). I have compiled the source with --enable-ppolicy=mod/yes with --enable-modules=yes, to see if it would generate the library ppolicy.la, but just generated the slapd binary, so, as it gives no error for the config file, I suppose that the ppolicy part is embedded in the slapd. 

The problem:
When I try to change the password for a user in LDAP, the policy doesn't apply. The clients run on the same OS, but different machines, with pam_ldap-184 and nss-ldap-262. If I open the yast2-ldap-client, I can see that it finds the password policy, but it doesn't get applied. If I follow the requests to the LDAP server, I can see that the client issues a request with the filter objectClass=passwordPolicy, which comes from the pam_ldap, which is written to use the Netscape password policy schema. But in my LDAP I use the pwdPolicy schema, which is a more recent one. I know that the password doesn't get applied because I set the checkQuality attribute to 0 and I expect to let me use whatever password I like. The client has the pam_lookup_policy set to yes.

Can you please point out what I am missing?

Thank you!