On 12 November 2009 at 23:01, Evo <[email protected]> wrote:
> Hi,
>
> I am sorry but this whole thing does not work. None of my password policy
> entries do not kick in. None of this:
>
> pwdMaxAge: 7776000
> pwdInHistory: 4
> pwdCheckQuality: 2
> pwdMinLength: 8
> pwdExpireWarning: 1209600
> pwdGraceAuthNLimit: 1
> pwdLockout: TRUE
> pwdLockoutDuration: 1800
> pwdMaxFailure: 5
> pwdMustChange: TRUE
>
> I can set a password that is 4 characters long. I can try to login 10 times
> and it will still not lock my account. I do not know what I am doing wrong.
>
> My conf file is pretty much this:
>
> include /usr/local/openldap/etc/openldap/schema/core.schema
> include /usr/local/openldap/etc/openldap/schema/cosine.schema
> include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
> include /usr/local/openldap/etc/openldap/schema/nis.schema
> include /usr/local/openldap/etc/openldap/schema/ppolicy.schema
>
> pidfile /usr/local/openldap/var/run/slapd.pid
> argsfile /usr/local/openldap/var/run/slapd.args
>
> modulepath /usr/local/openldap/lib/
> database bdb
> suffix "dc=voxeo,dc=net"
> rootdn "cn=Admin,dc=voxeo,dc=net"
> Rootpw xxxxxxxxxxxxxx
> index objectClass eq
>
> overlay ppolicy
> ppolicy_default "cn=default,ou=pwpolicies,dc=voxeo,dc=net"
> ppolicy_use_lockout
>
> And the policy:
>
> # pwpolicies, voxeo.net
> dn: ou=pwpolicies,dc=voxeo,dc=net
> ou: pwpolicies
> objectClass: organizationalUnit
>
> # default, pwpolicies, voxeo.net
> dn: cn=default,ou=pwpolicies,dc=voxeo,dc=net
> objectClass: top
> objectClass: pwdPolicy
> objectClass: device
> objectClass: pwdPolicyChecker
> cn: default
> pwdCheckModule: check_password.so
> pwdAttribute: userPassword
> pwdMaxAge: 7776000
> pwdInHistory: 4
> pwdCheckQuality: 2
> pwdMinLength: 8
> pwdExpireWarning: 1209600
> pwdGraceAuthNLimit: 1
> pwdLockout: TRUE
> pwdLockoutDuration: 1800
> pwdMaxFailure: 5
> pwdMustChange: TRUE
>
> Please if you could help. I have been trying to make this work for one week
> now.
> I am running your packages on CentOS release 5.4 (Final) x86_64
>
> The installed packages are:
>
> rpm -qa | grep -i ldap
>
> php-ldap-5.1.6-23.2.el5_3
> openldap-2.3.43-3.el5
> python-ldap-2.2.0-2.1
> perl-LDAP-0.33-3.fc6
> openldap-2.3.43-3.el5
> nss_ldap-253-22.el5_4
> nss_ldap-253-22.el5_4
> openldap-ltb-debuginfo-2.4.19-1.el5
> openldap-ltb-check-password-1.1-1.el5
> openldap-ltb-2.4.19-1.el5
>
> Any help will be greatly appreciated.

Configuration looks fine. One question, do you modify the password as a user or as the rootdn? You have to know that ppolicy is not applied if the LDAP request is done with rootdn credentials.

Can you activate logs on OpenLDAP?

_______________________________________________
ltb-users mailing list
[email protected]
http://lists.ltb-project.org/listinfo/ltb-users
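
The rule stated in the reply above (ppolicy is not applied to requests made with rootdn credentials), as an added example that is not part of the original message or of the LTB project's code: a small Python check that reads the slapd.conf directives quoted in the thread and reports whether a given bind DN would be subject to the overlay. The DN comparison is simplified, and the user DN in the usage lines is hypothetical.

```python
import shlex

# Constructed sample: the database section quoted in the message above.
SLAPD_CONF = '''
database bdb
suffix "dc=voxeo,dc=net"
rootdn "cn=Admin,dc=voxeo,dc=net"
overlay ppolicy
ppolicy_default "cn=default,ou=pwpolicies,dc=voxeo,dc=net"
ppolicy_use_lockout
'''

def norm_dn(dn):
    """Simplified DN comparison key: trims spaces around RDNs, lowercases.
    Assumption: no escaped commas or multi-valued RDNs (true of the DNs here)."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(rdns)

def parse_conf(text):
    """Return {directive: [argument lists]} for slapd.conf-style text."""
    conf = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # handles quotes and '#'
        if tokens:
            conf.setdefault(tokens[0].lower(), []).append(tokens[1:])
    return conf

def ppolicy_enforced(conf_text, bind_dn):
    """(enforced, reason) for a request made while bound as bind_dn."""
    conf = parse_conf(conf_text)
    if ["ppolicy"] not in conf.get("overlay", []):
        return False, "ppolicy overlay not configured on this database"
    rootdns = [norm_dn(args[0]) for args in conf.get("rootdn", []) if args]
    if norm_dn(bind_dn) in rootdns:
        return False, "request is made with rootdn credentials"
    return True, "regular identity, policy is evaluated"

if __name__ == "__main__":
    # The second DN is a hypothetical user entry, not taken from the thread.
    for dn in ("cn=admin, dc=Voxeo, dc=net", "uid=evo,ou=people,dc=voxeo,dc=net"):
        print(dn, "->", ppolicy_enforced(SLAPD_CONF, dn))
```
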
