[Date Prev][Date Next] [Chronological] [Thread] [Top]

OLC ppolicy

To: openldap-technical@openldap.org
Subject: OLC ppolicy
From: Jeremy Trammell - DLA <jtrammell@deeplearninganalytics.com>
Date: Wed, 19 Aug 2015 13:07:11 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.8.0

Greetings,

I'm trying to set up a very simple LDAP server using OpenLDAP (via OLC)and it seems hopeless. The sticking point is ppolicy. I have followedseveral online guides(http://www.ryanfrantz.com/posts/openldap-implementing-the-password-policy-overlay/,https://www.oostergo.net/node/85, to name a few), all of which seem toessentially detail the same procedure, and have met with no success.Whilst following those instructions, I receive no error messages. Allcommands complete successfully and do not indicate failures of anykind. Looking at the cn=config and target DITs, all data seems to havebeen imported as expected. Despite that fact, passwd follows a "mysterypolicy" which bears no resemblance to the policy that I have specified,and ldappasswd follows "no policy at all you can do whatever you want".Is there some way for me to empirically determine what these commandsare doing, and why my policy does nothing? Thanks in advance...


cn=module{0},cn=config

objectClass: olcModuleList
cn: module{0}
olcModuleLoad: {0}ppolicy.la
olcModuleLoad: {1}back_hdb
olcModuleLoad: {2}ppolicy
olcModulePath: /usr/lib/ldap

olcDatabase={1}hdb,cn=config

objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap

olcAccess: {0}to attrs=userPassword,shadowLastChange by self write byanonymous auth by dn="cn=admin,dc=dla" write by * none

olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=dla" write by * read
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcSuffix: dc=dla

olcOverlay={0}ppolicy,olcDatabase={1}hdb,cn=config

objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {0}ppolicy
olcPPolicyDefault: cn=passwordDefault,ou=policies,dc=dla
olcPPolicyForwardUpdates: FALSE
olcPPolicyHashCleartext: TRUE
olcPPolicyUseLockout: FALSE

cn=passwordDefault,ou=policies,dc=dla

objectClass: person
objectClass: pwdPolicy
objectClass: pwdPolicyChecker
objectClass: top
cn: passwordDefault
pwdAttribute: 2.5.4.35
sn: passwordDefault
pwdMinLength: 12

Follow-Ups:
- Re: OLC ppolicy
  - From: Dieter Klünter <dieter@dkluenter.de>

Prev by Date: Re: LDAP over SSL ( ldaps )
Next by Date: Re: LDAP over SSL ( ldaps )
Index(es):
- Chronological
- Thread