[Date Prev][Date Next] [Chronological] [Thread] [Top]

ppolicy configuration


I am trying to apply per domain password policy. [At some point, it
seems, these scripts worked for me, but I must have messed something
up either in the setup or the scripts.]

I managed to load ppolicy.la and from lsof(8), I can see it.
Now, I want to be able to turn password policy on each domain.

I have a simple script invoked as: $sudo ldapmodify -Y EXTERNAL -H
ldapi:/// -f ppolicy.ldif
The ppolicy.ldif is:
dn: olcOverlay=ppolicy,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcPPolicyConfig
olcOverlay: ppolicy
olcPPolicyDefault: cn=ppolicy,ou=policies,dc=example,dc=com
olcPPolicyUseLockout: TRUE
olcPPolicyHashCleartext: TRUE

When I try to add the online configuration, I get:
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
adding new entry "olcOverlay=ppolicy,olcDatabase={2}hdb,cn=config"
ldap_add: Other (e.g., implementation specific) error (80)
additional info: User Schema load failed for attribute "pwdAttribute".
Error code 17: attribute type undefined

I also have an LDIF for default policy, added as: $ldapadd -x -D
cn=admin,dc=example,dc=com -W -f default_ppolicy.ldif

It contains:
dn: ou=policies,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: policies

dn: cn=ppolicy,ou=policies,dc=example,dc=com
objectClass: top
objectClass: device
objectClass: pwdPolicyChecker
objectClass: pwdPolicy
cn: ppolicy
pwdAttribute: userPassword
pwdInHistory: 8
pwdMinLength: 8
pwdMaxFailure: 3
pwdFailureCountInterval: 1800
pwdCheckQuality: 0
pwdMustChange: TRUE
pwdGraceAuthNLimit: 0
pwdMaxAge: 7776000
pwdExpireWarning: 1209600
pwdLockoutDuration: 900
pwdLockout: TRUE

When I try to add default_ppolicy.ldif, I get:
adding new entry "ou=policies,dc=example,dc=com"
adding new entry "cn=ppolicy,ou=policies,dc=example,dc=com"
ldap_add: Invalid syntax (21)
additional info: objectClass: value #2 invalid per syntax

It seems that OU=policies is created, but CN=ppolicy is not created.
Is that right? I have four (4) values for objectClass. How can I find
out which one is triggering the error?

Any suggestions where I should start looking?!

Thank you,

Igor Shmukler