Hi, I am sorry but this whole thing does not work. None of my password policy entries kick in. None of this:

pwdMaxAge: 7776000
pwdInHistory: 4
pwdCheckQuality: 2
pwdMinLength: 8
pwdExpireWarning: 1209600
pwdGraceAuthNLimit: 1
pwdLockout: TRUE
pwdLockoutDuration: 1800
pwdMaxFailure: 5
pwdMustChange: TRUE

I can set a password that is 4 characters long. I can try to log in 10 times and it will still not lock my account. I do not know what I am doing wrong. My conf file is pretty much this:

include /usr/local/openldap/etc/openldap/schema/core.schema
include /usr/local/openldap/etc/openldap/schema/cosine.schema
include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap/etc/openldap/schema/nis.schema
include /usr/local/openldap/etc/openldap/schema/ppolicy.schema
pidfile /usr/local/openldap/var/run/slapd.pid
argsfile /usr/local/openldap/var/run/slapd.args
modulepath /usr/local/openldap/lib/
database bdb
suffix "dc=voxeo,dc=net"
rootdn "cn=Admin,dc=voxeo,dc=net"
Rootpw xxxxxxxxxxxxxx
index objectClass eq
overlay ppolicy
ppolicy_default "cn=default,ou=pwpolicies,dc=voxeo,dc=net"
ppolicy_use_lockout

And the policy:

# pwpolicies, voxeo.net
dn: ou=pwpolicies,dc=voxeo,dc=net
ou: pwpolicies
objectClass: organizationalUnit

# default, pwpolicies, voxeo.net
dn: cn=default,ou=pwpolicies,dc=voxeo,dc=net
objectClass: top
objectClass: pwdPolicy
objectClass: device
objectClass: pwdPolicyChecker
cn: default
pwdCheckModule: check_password.so
pwdAttribute: userPassword
pwdMaxAge: 7776000
pwdInHistory: 4
pwdCheckQuality: 2
pwdMinLength: 8
pwdExpireWarning: 1209600
pwdGraceAuthNLimit: 1
pwdLockout: TRUE
pwdLockoutDuration: 1800
pwdMaxFailure: 5
pwdMustChange: TRUE

Please if you could help. I have been trying to make this work for one week now.
I am running your packages on CentOS release 5.4 (Final) x86_64

The installed packages are:

rpm -qa | grep -i ldap
php-ldap-5.1.6-23.2.el5_3
openldap-2.3.43-3.el5
python-ldap-2.2.0-2.1
perl-LDAP-0.33-3.fc6
openldap-2.3.43-3.el5
nss_ldap-253-22.el5_4
nss_ldap-253-22.el5_4
openldap-ltb-debuginfo-2.4.19-1.el5
openldap-ltb-check-password-1.1-1.el5
openldap-ltb-2.4.19-1.el5

Any help will be greatly appreciated.

Regards
Evo.

On 12/11/2009 20:59, "Clément OUDOT" <[email protected]> wrote:

> 2009/11/12 Evo <[email protected]>:
>> Hi,
>>
>> I am sorry if this is a silly question but I can not get the ppolicy to
>> work. I installed the rpms (2.4.19) distributed on your website.
>> Configured openLDAP and it all works fine with the exception of the ppolicy.
>>
>> In the slapd.conf file is listed:
>>
>> modulepath /usr/local/openldap/libexec/openldap
>>
>> But the rpm did not create such directory. I made a global search for
>> "ppolicy.la" but this file was not installed by the rpms either. I do not
>> know if this is the problem but my
>>
>> Entry in the slapd.conf
>>
>> overlay ppolicy
>> ppolicy_default cn=default,ou=pwpolicies,dc=voxeo,dc=net
>> ppolicy_use_lockout
>>
>> And the DIT entry:
>>
>> dn: cn=default,ou=pwpolicies,dc=voxeo,dc=net
>> objectClass: top
>> objectClass: pwdPolicy
>> objectClass: device
>> objectClass: pwdPolicyChecker
>> cn: default
>> pwdCheckModule: check_password.so
>> pwdAttribute: userPassword
>> pwdMaxAge: 7776000
>> pwdInHistory: 4
>> pwdCheckQuality: 2
>> pwdMinLength: 8
>> pwdExpireWarning: 1209600
>> pwdGraceAuthNLimit: 1
>> pwdLockout: TRUE
>> pwdLockoutDuration: 1800
>> pwdMaxFailure: 5
>> pwdMustChange: TRUE
>>
>>
>> Does not do anything.
>>
>> Can you help?
>
>
> Hello Evo,
>
> overlays are all static compiled so you will not have any .la
>
> But you are right, there is a pb with the modulepath setting. The
> "check_password.so" is searched in modulepath. But check_password.so
> is in /usr/local/openldap/lib, so set modulepath to this directory and
> it should work.
>
> Clément.
> _______________________________________________
> ltb-users mailing list
> [email protected]
> http://lists.ltb-project.org/listinfo/ltb-users
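
Added example, not part of the original thread and not LTB project code: a Python consistency check for the two links the thread discusses, that ppolicy_default names a pwdPolicy entry and that the pwdCheckModule file exists in a modulepath directory. CONF and LDIF are constructed samples trimmed from the configuration quoted above; the function names, the simplified DN comparison and the is_file hook are assumptions of this example.

```python
import os
import shlex
# Constructed samples, trimmed from the configuration quoted in the thread.
CONF = '''modulepath %s
overlay ppolicy
ppolicy_default "cn=default,ou=pwpolicies,dc=voxeo,dc=net"
'''
LDIF = '''dn: cn=default,ou=pwpolicies,dc=voxeo,dc=net
objectClass: pwdPolicy
objectClass: pwdPolicyChecker
pwdCheckModule: check_password.so
'''

def norm_dn(dn):
    # Assumption: simplified DN comparison (lowercase, no spaces around commas).
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_conf(text):
    # slapd.conf lines are "directive arg ..."; collect the args of each directive.
    conf = {}
    for line in text.splitlines():
        words = shlex.split(line, comments=True)
        if words:
            conf.setdefault(words[0].lower(), []).append(words[1:])
    return conf

def parse_ldif(text):
    # Minimal reader: blank-line separated entries of plain "attr: value" lines.
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                key, value = line.split(":", 1)
                attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[norm_dn(attrs["dn"][0])] = attrs
    return entries

def lint(conf_text, ldif_text, is_file=os.path.isfile):
    # Returns a list of problems; is_file is injectable so the check runs offline.
    conf, entries = parse_conf(conf_text), parse_ldif(ldif_text)
    problems = [] if ["ppolicy"] in conf.get("overlay", []) else ["overlay ppolicy is not configured"]
    default = conf.get("ppolicy_default", [[""]])[0][0]
    policy = entries.get(norm_dn(default))
    if not policy or "pwdpolicy" not in [c.lower() for c in policy.get("objectclass", [])]:
        return problems + ["ppolicy_default %r is not a pwdPolicy entry" % default]
    dirs = [d for args in conf.get("modulepath", []) for d in args[0].split(":")]
    return problems + ["%s not found in modulepath %s" % (m, dirs)
                       for m in policy.get("pwdcheckmodule", [])
                       if not any(is_file(os.path.join(d, m)) for d in dirs)]
```

On a real host, pass the text of slapd.conf and an export of the policy subtree and leave is_file at its default. An empty result only means these references are consistent, not that the policy is being enforced.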
