https://bugs.openldap.org/show_bug.cgi?id=9656

--- Comment #10 from [email protected] <[email protected]> ---
slapd.conf:
# slapd.conf as posted in the report: global settings first, then the config,
# monitor and mdb databases. Directive order matters to slapd, so only comments
# are added here.
#
# 0xffff sets every bit in the low 16 bits of the log mask, i.e. very verbose
# debug logging. Useful while reproducing a problem; logs at this level may
# contain request contents, so treat them as sensitive and lower the level
# afterwards.
loglevel 0xffff
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/nis.schema
include         /usr/local/etc/openldap/schema/openldap.schema
include         /usr/local/etc/openldap/schema/sudo.schema
include         /usr/local/etc/openldap/schema/openssh-lpk-openldap.schema
# Accepts LDAPv2 bind requests (legacy clients). Worth confirming that
# something still needs it.
allow bind_v2
pidfile         /usr/local/var/run/slapd.pid
argsfile        /usr/local/var/run/slapd.args
modulepath      /usr/local/libexec/openldap
moduleload syncprov.la
# The accesslog module is loaded, but no "overlay accesslog" appears in this
# listing.
moduleload accesslog.la
# pw-sha2 supplies the SHA-2 password schemes used by password-hash and rootpw
# below.
moduleload pw-sha2.la
serverID 1
# Scheme used when slapd itself hashes a new userPassword (Password Modify
# extended operation). {SHA512} is the unsalted variant; pw-sha2 also provides
# the salted {SSHA512}.
password-hash   {SHA512}
TLSCACertificateFile  /etc/pki/CA/certs/CAcert.pem
TLSCertificateFile  /etc/pki/CA/certs/newldap0.mgt.cert.pem
TLSCertificateKeyFile /etc/pki/CA/private/newldap0.mgt.key.pem
# Clients must present a valid certificate on TLS sessions; a session without
# one is terminated.
TLSVerifyClient demand
# NOTE(review): apart from the root DSE rule on the next line, every
# "access to" rule in this listing appears without its "by" clauses -
# presumably trimmed by the poster, like the rootpw values. The effective ACLs
# cannot be judged from what is shown.
access to dn.base="" by * read
access to attrs=userPassword,shadowLastChange
access to *
# cn=config database, with its own rootdn and a redacted rootpw hash.
database config
rootdn "cn=admin,cn=config"
rootpw {SHA512}<obfuscated>
access to attrs=userPassword,shadowLastChange
access to *
# cn=monitor database (server status information).
database monitor
access to *     
# Main directory database (LMDB backend); maxsize is in bytes (1 GiB).
database        mdb
maxsize         1073741824              
suffix          "dc=lecpq,dc=com"    
rootdn          "cn=Manager,dc=lecpq,dc=com"
# Redacted in the report. Same unsalted {SHA512} scheme as password-hash above.
rootpw          {SHA512}<obfuscated>    
directory       /usr/local/var/openldap-data
index objectClass                       eq,pres
index sudoUser                       eq
index sudoHost                       eq
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
# Replication provider: checkpoint the contextCSN every 100 operations or
# 10 minutes, and keep a session log of 500 operations.
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 500
access to attrs=userPassword,shadowLastChange
access to *
# Password policy overlay. Entries without their own policy use the default
# policy entry named below.
overlay ppolicy
ppolicy_default "cn=DefaultPassword,ou=Policies,dc=lecpq,dc=com"
# With this set, the password policy response for a bind to a locked account
# carries the AccountLocked code. slapo-ppolicy(5) notes that this tells a
# client the account exists and is locked, so enable it only where that
# disclosure is acceptable.
ppolicy_use_lockout
# Database checkpoint after 10240 KB written or 720 minutes.
checkpoint      10240 720


policy in schema:
# Default password policy entry (the DN matches ppolicy_default in the
# slapd.conf from the same report). The operational attributes (entryUUID,
# entryCSN, creatorsName, ...) suggest this is an export of the stored entry.
dn: cn=DefaultPassword,ou=Policies,dc=lecpq,dc=com
cn: DefaultPassword
objectClass: top
objectClass: device
objectClass: pwdPolicy
# pwdPolicyChecker is the auxiliary class that allows pwdCheckModule.
objectClass: pwdPolicyChecker
pwdAttribute: userPassword
# 2 = enforce quality checks and refuse a password the server cannot check
# (for example one that arrives already hashed).
pwdCheckQuality: 2
# Start warning 604800 s (7 days) before expiry.
pwdExpireWarning: 604800
# No grace logins after the password has expired.
pwdGraceAuthNLimit: 0
# Lockout: after 5 consecutive failed binds the account is locked for 300 s.
pwdLockout: TRUE
pwdLockoutDuration: 300
pwdMaxFailure: 5
# 0 = failures never age out; the counter is reset only by a successful bind.
pwdFailureCountInterval: 0
# Users must change the password after an administrative reset.
pwdMustChange: TRUE
pwdAllowUserChange: TRUE
# A password change must supply the current password along with the new one.
pwdSafeModify: TRUE
structuralObjectClass: device
entryUUID: cdc64442-6617-1035-98aa-075e3d1a7c2f
creatorsName: cn=Manager,dc=lecpq,dc=com
createTimestamp: 20160212210326Z
# Minimum age 86400 s (1 day), maximum age 5184000 s (60 days).
pwdMinAge: 86400
pwdMaxAge: 5184000
pwdMinLength: 15
# The last 4 passwords are remembered and cannot be reused.
pwdInHistory: 4
# Bare file name, and no pwdCheckModuleArg on the entry: this is the setup the
# reporter says failed. The check module is loaded into the slapd process, so
# an absolute path also pins exactly which shared object is used instead of
# leaving that to the loader's search path.
pwdCheckModule: ppm.so
entryCSN: 20210830143808.705188Z#000000#001#000000
modifiersName: cn=Manager,dc=lecpq,dc=com
modifyTimestamp: 20210830143808Z


This is the setup that failed. Adding the full path to pwdCheckModule and adding
the attribute pwdCheckModuleArg (populated) caused it to work.
