Hi,
I am very new to OpenLDAP. I can run slapd and add and edit a new entry. Now I want to implement pwdPolicy. I have tried it several times. I would like to describe what I said.

1. Run slapd without modifying anything.

2. Create an ou=policies. The script is as follows:

    dn: ou=policies,dc=my-domain,dc=com
    objectClass: organizationalUnit
    objectClass: top
    ou: policies

3. Write policy.schema.

4. Include policy.schema, but the overlay is not added. Run slapd again. In core.schema the attributetype userpassword was commented out.

5. Now I want to create policy.ldif. Script:

    dn: cn=default,ou=policies,dc=my-domain,dc=com
    cn: default
    objectClass: pwdPolicy
    objectClass: person
    objectClass: top
    pwdAllowUserChange: TRUE
    pwdAttribute: userPassword
    pwdCheckQuality: 2
    pwdExpireWarning: 600
    pwdFailureCountInterval: 30
    pwdGraceAuthNLimit: 5
    pwdInHistory: 5
    pwdLockout: TRUE
    pwdLockoutDuration: 0
    pwdMaxAge: 0
    pwdMaxFailure: 5
    pwdMinAge: 0
    pwdMinLength: 5
    pwdMustChange: FALSE
    pwdSafeModify: FALSE
    #sn: 'dummy value'
    objectClass: organizationalUnit

It gives an error: "Invalid syntax (21) pwdAttribute: value #0 invalid per syntax". Why does it give such an error? My assumption is that the ppolicy.schema attribute is not created successfully. Another point: in core.schema the attributeType userPassword is commented out. If I uncomment it, slapd -d 1 gives a duplicate attribute type. Please give a solution.

Now my questions are:

a. How can I be sure that my PPolicy.schema is created? I don't have any ppolicy.la.

b. What does policy.la do?
