
Oracle OpenLDAP PPolicy ppolicy and the hierarchy



In Use:  Oracle OpenLDAP 2.4.30, I cannot change to the OpenLDAP version that one can compile.

Problem:  I have the module and overlay in the conf files and slaptest says it’s fine.  Both files are from OpenLDAP.org version 2.4.37. But how do I test it?

 

I have created unix shell scripts to do actions like add, delete, modify, view, etc. I can share these if requested.   

 

But I am unsure on the lock, unlock, policy stuff.

 

Also, how should the OpenLDAP hierarchy look?

 

Here’s mine:

 

dn: dc=bozo_company,dc=com

ou: com

objectClass: dcObject

objectClass: organizationalUnit

objectClass: top

dc: bozo_company

userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

dn: cn=Directory Administrators,dc=bozo_company,dc=com

objectClass: top

objectClass: groupOfUniqueNames

cn: Directory Administrators

uniqueMember: cn=clownadmin,ou=Special Users,dc=bozo_company,dc=com

uniqueMember: cn=david.barr,ou=People,dc=bozo_company,dc=com

 

dn: ou=Groups,dc=bozo_company,dc=com

objectClass: top

objectClass: organizationalUnit

ou: Groups

 

dn: ou=People,dc=bozo_company,dc=com

objectClass: top

objectClass: organizationalUnit

ou: People

 

dn: ou=Special Users,dc=bozo_company,dc=com

objectClass: top

objectClass: organizationalUnit

ou: Special Users

description: Special Administrative Accounts

 

dn: cn=Accounting Managers,ou=groups,dc=bozo_company,dc=com

objectClass: top

objectClass: groupOfUniqueNames

cn: Accounting Managers

ou: groups

description: People who can manage accounting entries

uniqueMember: cn=clownadmin,ou=Special Users,dc=bozo_company,dc=com

uniqueMember: uid=Replica,ou=People,dc=bozo_company,dc=com

uniqueMember: cn=david.barr,ou=People,dc=bozo_company,dc=com

 

dn: cn=HR Managers,ou=groups,dc=bozo_company,dc=com

objectClass: top

objectClass: groupOfUniqueNames

cn: HR Managers

ou: groups

description: People who can manage HR entries

uniqueMember: cn=clownadmin,ou=Special Users,dc=bozo_company,dc=com

uniqueMember: cn=david.barr,ou=People,dc=bozo_company,dc=com

 

dn: cn=QA Managers,ou=groups,dc=bozo_company,dc=com

objectClass: top

objectClass: groupOfUniqueNames

cn: QA Managers

ou: groups

description: People who can manage QA entries

uniqueMember: cn=clownadmin,ou=Special Users,dc=bozo_company,dc=com

uniqueMember: cn=david.barr,ou=People,dc=bozo_company,dc=com

 

dn: cn=PD Managers,ou=groups,dc=bozo_company,dc=com

objectClass: top

objectClass: groupOfUniqueNames

cn: PD Managers

ou: groups

description: People who can manage engineer entries

uniqueMember: cn=clownadmin,ou=Special Users,dc=bozo_company,dc=com

uniqueMember: cn=david.barr,ou=People,dc=bozo_company,dc=com

 

dn: ou=Services,dc=bozo_company,dc=com

ou: Services

objectClass: top

objectClass: organizationalUnit

 

dn: ou=DML,ou=Services,dc=bozo_company,dc=com

ou: DML

objectClass: top

objectClass: organizationalUnit

 

dn: ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

ou: 1.0

objectClass: top

objectClass: organizationalUnit

 

dn: ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

ou: UserForm

objectClass: top

objectClass: organizationalUnit

 

dn: ou=Configuration,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

ou: Configuration

objectClass: top

objectClass: organizationalUnit

 

dn: cn=Configuration:#ID#Configuration:SystemConfiguration,ou=Configuration,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: Configuration:#ID#Configuration:SystemConfiguration

 

dn: cn=Configuration:#ID#Configuration:CustomRoles,ou=Configuration,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: Configuration:#ID#Configuration:CustomRoles

 

dn: cn=Configuration:#ID#Configuration:DmlManagedDirectory,ou=Configuration,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: Configuration:#ID#Configuration:DmlManagedDirectory

 

dn: cn=UserForm:#ID#UserForm:DefaultUserForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultUserForm

 

dn: cn=UserForm:#ID#UserForm:DefaultNtUserForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultNtUserForm

 

dn: cn=UserForm:#ID#UserForm:DefaultHomeForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultHomeForm

 

dn: cn=UserForm:#ID#UserForm:DefaultDMLObjectForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultDMLObjectForm

 

dn: cn=UserForm:#ID#UserForm:DefaultCreateForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultCreateForm

 

dn: cn=UserForm:#ID#UserForm:DefaultObjectClassSelectionForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultObjectClassSelectionForm

 

dn: cn=UserForm:#ID#UserForm:DefaultDisplayComponentFields,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultDisplayComponentFields

 

dn: cn=UserForm:#ID#UserForm:DefaultEditFieldForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultEditFieldForm

 

dn: cn=UserForm:#ID#UserForm:DefaultListFormsForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultListFormsForm

 

dn: cn=UserForm:#ID#UserForm:DefaultEditFormForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultEditFormForm

 

dn: cn=UserForm:#ID#UserForm:DefaultGroupForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultGroupForm

 

dn: cn=UserForm:#ID#UserForm:DefaultFindLibrary,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultFindLibrary

 

dn: cn=UserForm:#ID#UserForm:DefaultGroupFilterForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultGroupFilterForm

 

dn: cn=UserForm:#ID#UserForm:DefaultOuForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultOuForm

 

dn: cn=UserForm:#ID#UserForm:DefaultDomainForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultDomainForm

 

dn: cn=UserForm:#ID#UserForm:DefaultLocalityForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultLocalityForm

 

dn: cn=UserForm:#ID#UserForm:DefaultFindForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultFindForm

 

dn: cn=UserForm:#ID#UserForm:DefaultSearchConfigForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultSearchConfigForm

 

dn: cn=Configuration:#ID#Configuration:DefaultSearchOptions,ou=Configuration,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: Configuration:#ID#Configuration:DefaultSearchOptions

 

dn: cn=UserForm:#ID#UserForm:DefaultCOSTemplateForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultCOSTemplateForm

 

dn: cn=UserForm:#ID#UserForm:DefaultExtensionsEditForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultExtensionsEditForm

 

dn: cn=UserForm:#ID#UserForm:DefaultManagedDirectoryForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultManagedDirectoryForm

 

dn: cn=UserForm:#ID#UserForm:DefaultOrganizationPickerForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultOrganizationPickerForm

 

dn: cn=UserForm:#ID#UserForm:DefaultListNamingAttributesForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultListNamingAttributesForm

 

dn: cn=UserForm:#ID#UserForm:DefaultNamingAttributeForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultNamingAttributeForm

 

dn: cn=UserForm:#ID#UserForm:DefaultRolesForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultRolesForm

 

dn: cn=UserForm:#ID#UserForm:DefaultRoleForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultRoleForm

 

dn: cn=UserForm:#ID#UserForm:DefaultDeleteForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultDeleteForm

 

dn: cn=UserForm:#ID#UserForm:DefaultDeleteGeneralPurposeForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultDeleteGeneralPurposeForm

 

dn: cn=UserForm:#ID#UserForm:DefaultEnableForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultEnableForm

 

dn: cn=UserForm:#ID#UserForm:DefaultDisableForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultDisableForm

 

dn: cn=UserForm:#ID#UserForm:DefaultRenameForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultRenameForm

 

dn: cn=UserForm:#ID#UserForm:DefaultConfigBackupRestoreForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultConfigBackupRestoreForm

 

dn: cn=UserForm:#ID#UserForm:DefaultBrowseForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultBrowseForm

 

dn: cn=Configuration:#ID#Configuration:ComponentProperties,ou=Configuration,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: Configuration:#ID#Configuration:ComponentProperties

 

dn: cn=Configuration:#ID#Configuration:DefaultFormConfiguration,ou=Configuration,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: Configuration:#ID#Configuration:DefaultFormConfiguration

 

dn: cn=Configuration:#ID#Configuration:DefaultRoles,ou=Configuration,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: Configuration:#ID#Configuration:DefaultRoles

 

dn: cn=Configuration:#ID#Configuration:DefaultCapabilities,ou=Configuration,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: Configuration:#ID#Configuration:DefaultCapabilities

 

dn: cn=Configuration:#ID#Configuration:DefaultNamingAttributesConfiguration,ou=Configuration,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: Configuration:#ID#Configuration:DefaultNamingAttributesConfiguration

 

dn: cn=UserForm:#ID#UserForm:DefaultEditPasswordForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:DefaultEditPasswordForm

 

dn: cn=Configuration:#ID#Configuration:WPSearchOptions,ou=Configuration,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: Configuration:#ID#Configuration:WPSearchOptions

 

dn: cn=UserForm:#ID#UserForm:WPSearchLibrary,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:WPSearchLibrary

 

dn: cn=UserForm:#ID#UserForm:WPSearchForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:WPSearchForm

 

dn: cn=UserForm:#ID#UserForm:WPViewForm,ou=UserForm,ou=1.0,ou=DML,ou=Services,dc=bozo_company,dc=com

objectClass: top

objectClass: applicationProcess

description::

cn: UserForm:#ID#UserForm:WPViewForm

 

dn: cn=clownadmin,ou=Special Users,dc=bozo_company,dc=com

sn: clownadmin

ou: People

ou: Special Users

cn: clownadmin

objectClass: top

objectClass: person

objectClass: organizationalPerson

userPassword: {SHA}ZC/bQou6tU8wl3TJ6dCoSasxgVA=

 

dn: uid=Replica,ou=People,dc=bozo_company,dc=com

uid: Replica

cn: Replica

objectClass: account

objectClass: posixAccount

objectClass: top

objectClass: shadowAccount

userPassword: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

shadowLastChange: 13761

shadowMax: 99999

shadowWarning: 7

loginShell: /bin/bash

uidNumber: 22222

gidNumber: 100

homeDirectory: /tmp

gecos: Replica userid for slave LDAP servers

 

dn: cn=david.m.barr,ou=People,dc=bozo_company,dc=com

uid: david.m.barr

sn: david.m.barr

ou: People

cn: david.m.barr

objectClass: top

objectClass: person

objectClass: organizationalPerson

objectClass: uidObject

objectClass: pwdPolicyChecker

objectClass: pwdPolicy

pwdCheckModule:: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

pwdAttribute: userPassword

userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

dn: cn=Test.user02,ou=People,dc=bozo_company,dc=com

uid: Test.user02

sn: Test.user02

ou: People

cn: Test.user02

objectClass: top

objectClass: person

objectClass: organizationalPerson

objectClass: uidObject

objectClass: pwdPolicyChecker

objectClass: pwdPolicy

pwdCheckModule:: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

pwdAttribute: userPassword

pwdLockout: TRUE

userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

dn: cn=Test.user04,ou=People,dc=bozo_company,dc=com

uid: Test.user04

sn: Test.user04

ou: People

cn: Test.user04

objectClass: top

objectClass: person

objectClass: organizationalPerson

objectClass: uidObject

userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

dn: ou=Policies,dc=bozo_company,dc=com

objectClass: top

objectClass: organizationalUnit

ou: Policies

 

dn: cn=Password Policy,ou=Policies,dc=bozo_company,dc=com

objectClass: top

objectClass: pwdPolicy

objectClass: person

description: The default password policy

pwdAllowUserChange: TRUE

pwdAttribute: userPassword

pwdCheckQuality: 2

pwdExpireWarning: 3600

pwdFailureCountInterval: 30

pwdGraceAuthNLimit: 5

pwdInHistory: 5

pwdLockout: TRUE

pwdLockoutDuration: 0

pwdMaxAge: 5184000

pwdMaxFailure: 5

pwdMinAge: 3600

pwdMinLength: 5

pwdMustChange: TRUE

pwdSafeModify: FALSE

sn: Password Policy

cn: Password Policy

 

dn: ou=Standard Policy,ou=Policies,dc=bozo_company,dc=com

objectClass: top

objectClass: organizationalUnit

objectClass: pwdPolicy

objectClass: pwdPolicyChecker

ou: Standard Policy

pwdAttribute: userPassword

pwdCheckQuality: 2

pwdMaxFailure: 3

pwdMustChange: TRUE

pwdSafeModify: TRUE

pwdLockoutDuration: 0

pwdCheckModule: ou=Standard Policy,ou=Policies,dc=bozo_company,dc=com

pwdAllowUserChange: TRUE

description: Standard Password Policy

pwdMaxAge: 7776002

pwdExpireWarning: 432000

pwdFailureCountInterval: 120

pwdMinLength: 14

pwdInHistory: 10

pwdGraceAuthNLimit: 0

pwdMinAge: 86400

 

dn: cn=accesslogname,dc=bozo_company,dc=com

objectClass: top

objectClass: person

objectClass: organizationalPerson

ou: accesslogname

description: accesslog

sn: accesslogname

cn: accesslogname

 

dn: cn=john.d.doe,ou=People,dc=bozo_company,dc=com

uid: john.d.doe

sn: john.d.doe

ou: People

cn: john.d.doe

objectClass: top

objectClass: person

objectClass: organizationalPerson

objectClass: uidObject

userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

 

Anyone out there who can help?

 

-David

dbc@usa.net
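
An added example, not part of the original post and not OpenLDAP code: an offline review of an LDIF export like the one above that summarises each policy entry's lockout behaviour, lists entries that carry the pwdPolicy class outside the policy container, and reports group members that match no entry in the export. It assumes policies live under ou=Policies as in the post, uses a sample constructed from a few of the posted entries, and relies on the slapo-ppolicy rule that a pwdLockoutDuration of 0 keeps an account locked until an administrator resets it.

```python
# SAMPLE_LDIF is constructed from a few entries in the post, trimmed and unfolded.
SAMPLE_LDIF = """\
dn: cn=Directory Administrators,dc=bozo_company,dc=com
objectClass: groupOfUniqueNames
uniqueMember: cn=clownadmin,ou=Special Users,dc=bozo_company,dc=com
uniqueMember: cn=david.barr,ou=People,dc=bozo_company,dc=com

dn: cn=clownadmin,ou=Special Users,dc=bozo_company,dc=com
objectClass: person

dn: cn=david.m.barr,ou=People,dc=bozo_company,dc=com
objectClass: pwdPolicy

dn: cn=Password Policy,ou=Policies,dc=bozo_company,dc=com
objectClass: pwdPolicy
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdMaxFailure: 5
pwdFailureCountInterval: 30
"""

def parse_ldif(text):
    """Return {lowercased dn: {lowercased attr: [values]}} for unfolded LDIF."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        entries[attrs["dn"][0].lower()] = attrs
    return entries

def lockout_summary(policy):
    """Describe lockout from pwdLockout, pwdMaxFailure and pwdLockoutDuration."""
    def first(attr, default): return policy.get(attr, [default])[0]
    max_fail = int(first("pwdmaxfailure", "0"))
    if first("pwdlockout", "FALSE").upper() != "TRUE" or max_fail == 0:
        return "no lockout"
    duration = int(first("pwdlockoutduration", "0"))
    unlock = "admin reset only" if duration == 0 else f"auto-unlock after {duration}s"
    window = int(first("pwdfailurecountinterval", "0"))
    return f"lock after {max_fail} failures" + (f" within {window}s" if window else "") + f"; {unlock}"

def review(entries, policy_base="ou=policies,"):  # policy_base is an assumption
    findings = []
    for dn, attrs in entries.items():
        if "pwdpolicy" in {c.lower() for c in attrs.get("objectclass", [])}:
            ok = policy_base in dn
            findings.append((dn, "policy" if ok else "policy-class-on-non-policy-entry",
                             lockout_summary(attrs) if ok else ""))
        findings += [(dn, "dangling-member", m) for m in attrs.get("uniquemember", [])
                     if m.lower() not in entries]
    return findings

if __name__ == "__main__": print(*review(parse_ldif(SAMPLE_LDIF)), sep="\n")
```

The ppolicy overlay reads the policy entry named by its ppolicy_default setting or by a user's pwdPolicySubentry attribute, so policy attributes placed on a user entry are worth reviewing separately.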



