[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: invalid syntax (21) error while importing password password policy

To: Quanah Gibson-Mount <quanah@zimbra.com>, Michael Ströder <michael@stroeder.com>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: RE: invalid syntax (21) error while importing password password policy
From: Philip Bubel <philip@bubel.com>
Date: Tue, 17 Sep 2013 19:57:40 +0000
Accept-language: en-US
Content-language: en-US
In-reply-to: <9E3B7727D8259DAD99F0DFE3@[192.168.1.22]>
References: <CE5DCBC3.26836%philip@bubel.com> <9E3B7727D8259DAD99F0DFE3@[192.168.1.22]>
Thread-index: AQHOsy0AtQpydPEvrUiRqAS508dsP5nJRBeAgAAEoHCAAAfVAIAAWBCAgAA+poCAAGoGgIAABtDg
Thread-topic: invalid syntax (21) error while importing password password policy

I run slapd -d -1 and looked through the output and it appears the policy is loading.  See below.  Any other thoughts?  We are looking at new server versions as well 

ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/cn=schema/cn={10}ppolicy.ldif"
=> str2entry: "dn: cn={10}ppolicy
objectClass: olcSchemaConfig
cn: {10}ppolicy
olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.8.1.1 NAME 'pwdAttribute' EQUALITY
  objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
olcAttributeTypes: {1}( 1.3.6.1.4.1.42.2.27.8.1.2 NAME 'pwdMinAge' EQUALITY in
 tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {2}( 1.3.6.1.4.1.42.2.27.8.1.3 NAME 'pwdMaxAge' EQUALITY in
 tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.4.1.42.2.27.8.1.4 NAME 'pwdInHistory' EQUALITY
  integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {4}( 1.3.6.1.4.1.42.2.27.8.1.5 NAME 'pwdCheckQuality' EQUAL
 ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {5}( 1.3.6.1.4.1.42.2.27.8.1.6 NAME 'pwdMinLength' EQUALITY
  integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {6}( 1.3.6.1.4.1.42.2.27.8.1.7 NAME 'pwdExpireWarning' EQUA
 LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {7}( 1.3.6.1.4.1.42.2.27.8.1.8 NAME 'pwdGraceAuthNLimit' EQ
 UALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {8}( 1.3.6.1.4.1.42.2.27.8.1.9 NAME 'pwdLockout' EQUALITY b
 ooleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {9}( 1.3.6.1.4.1.42.2.27.8.1.10 NAME 'pwdLockoutDuration' E
 QUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {10}( 1.3.6.1.4.1.42.2.27.8.1.11 NAME 'pwdMaxFailure' EQUAL
 ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {11}( 1.3.6.1.4.1.42.2.27.8.1.12 NAME 'pwdFailureCountInter
 val' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE
 )
olcAttributeTypes: {12}( 1.3.6.1.4.1.42.2.27.8.1.13 NAME 'pwdMustChange' EQUAL
 ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {13}( 1.3.6.1.4.1.42.2.27.8.1.14 NAME 'pwdAllowUserChange'
 EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {14}( 1.3.6.1.4.1.42.2.27.8.1.15 NAME 'pwdSafeModify' EQUAL
 ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {15}( 1.3.6.1.4.1.4754.1.99.1 NAME 'pwdCheckModule' DESC 'L
 oadable module that instantiates "check_password() function' EQUALITY caseExa
 ctIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.4.1.4754.2.99.1 NAME 'pwdPolicyChecker' SUP top
  AUXILIARY MAY pwdCheckModule )
olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP top AUXI
 LIARY MUST pwdAttribute MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheck
 Quality $ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout $
  pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $ pwdMustChange
  $ pwdAllowUserChange $ pwdSafeModify ) )
structuralObjectClass: olcSchemaConfig

-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@zimbra.com] 
Sent: Tuesday, September 17, 2013 11:27 AM
To: Philip Bubel; Michael Ströder; openldap-technical@openldap.org
Subject: Re: invalid syntax (21) error while importing password password policy

--On Tuesday, September 17, 2013 1:07 PM +0000 Philip Bubel <philip@bubel.com> wrote:

> Just confirmed that policy.la is in the correct place.  Here's what I 
> have in slapd.conf
>
> modulepath /usr/lib64/openldap
> moduleload ppolicy.la
>
> [csadmin@XXX openldap]$ ls -la | grep pp
> lrwxrwxrwx   1 root root    20 Aug 22 16:06 ppolicy-2.4.so.2 ->
> ppolicy-2.4.so.2.5.6
> -rwxr-xr-x   1 root root 39824 Apr 29 03:50 ppolicy-2.4.so.2.5.6
> -rwxr-xr-x   1 root root   936 Apr 29 03:49 ppolicy.la
>
> Anything else I can check?

Well, you can start slapd with -d -1 to see if it reports any issues while loading the module.  However, it appears you are continuing to use the RHEL build of OpenLDAP, which is known to be fundamentally broken in a multitude of ways.  Personally, I would move to using the LTB packages, adjust your configuration to use cn=config, and then look at resolving any issues with ppolicy should they remain.

--Quanah

--

Quanah Gibson-Mount
Lead Engineer
Zimbra Software, LLC
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Follow-Ups:
- RE: invalid syntax (21) error while importing password password policy
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

References:
- Re: invalid syntax (21) error while importing password password policy
  - From: Philip Bubel <philip@bubel.com>
- Re: invalid syntax (21) error while importing password password policy
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: Re: Multi-master setup in debian
Next by Date: RE: invalid syntax (21) error while importing password password policy
Index(es):
- Chronological
- Thread