Hello,
I am setting up an LDAP directory with a password policy.
I am on Debian: Linux ldap-test 2.6.35.10-guest-squeeze.
I am using LDAP version 2.4.23 and the latest version of phpldapadmin.
I have set up my users as well as my password policy.
Here is my slapd.conf configuration file:
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/radius.schema
include /etc/ldap/schema/ppolicy.schema
moduleload ppolicy.la
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args
# Read slapd.conf(5) for possible values
loglevel -1024
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_hdb
# The maximum number of entries that is returned for a search operation
sizelimit 500
# The tool-threads parameter sets the actual amount of cpu's that is used for indexing.
tool-threads 1
backend hdb
database hdb
suffix "dc=credit-agricole,dc=fr"
overlay ppolicy
# rootdn directive for specifying a superuser on the database.
rootdn "cn=Manager,dc=credit-agricole,dc=fr"
rootpw {SSHA}cYs2e9MdercOPDfgIUb3HTOfLM/BuzEP
# Where the database file are physically stored for database #1
directory "/var/lib/ldap"
ppolicy_default "cn=dure,ou=politique-dure,dc=credit-agricole,dc=fr"
ppolicy_use_lockout
# Hash method used to store passwords
password-hash {SHA},{SSHA}
# For the Debian package we use 2MB as default but be sure to update this value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0
# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500
# Indexing options for database #1
index objectClass,uid,uidNumber,gidNumber,memberUid,Class eq
index cn,mail,surname,givenname eq,subinitial
index entryCSN,entryUUID eq
# Save the time that the entry gets modified, for database #1
lastmod on
# Checkpoint the BerkeleyDB database periodically in case of system failure and to speed slapd shutdown.
checkpoint 512 30
access to attrs=userPassword
        by dn="cn=Replicator,dc=credit-agricole,dc=fr" write
        by self write
        by anonymous auth
        by * none
access to *
        by dn="cn=Replicator,dc=credit-agricole,dc=fr" write
        by self write
        by users read
        by * read
When the user logs in and tries to change their password with the passwd or ldappasswd command, they get the following error message:
ldappasswd
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: no secret in database
or alternatively
passwd
Enter login(LDAP) password:
passwd : Utilisateur inconnu par le module d'authentification sous-jacent
Mot de passe non changé
I am using pam.d, with the files common-auth, common-account, common-passwd and common-session.
Thank you in advance for your help.
Pat
_______________________________________________
ltb-users mailing list
[email protected]
http://lists.ltb-project.org/listinfo/ltb-users