On 13.09.2010 10:30, Julien Vehent wrote:
> Hello all,
>
> I'm trying to add a default password policy to my directory. I have set
> the following parameters in slapd.conf:
>
> ----
> include /etc/ldap/schema/ppolicy.schema
> [...]
> moduleload ppolicy
> [...]
> backend hdb
> database hdb
> suffix "dc=example,dc=net"
> [...]
> # Password policy
> overlay ppolicy
> ppolicy_default "cn=defaultpwpolicy,ou=policies,dc=example,dc=net"
> ----
>
> I have created the OU 'policies' just fine, but when I try to add a
> pwdPolicy object, I get the following error:
>
> ----
> # ldapadd -x -D cn=admin,dc=example,dc=net -W << EOF
> dn: cn=defaultpwpolicy,ou=policies,dc=example,dc=net
> objectClass: pwdPolicy
> objectClass: top
> pwdAttribute: userPassword
> pwdAllowUserChange: TRUE
> pwdInHistory: 2
> pwdMaxFailure: 10
> pwdLockout: TRUE
> pwdLockoutDuration: 1800
> pwdMinLength: 6
> EOF
> Enter LDAP Password:
> adding new entry "cn=defaultpwpolicy,ou=policies,dc=example,dc=net"
> ldap_add: Invalid syntax (21)
> additional info: objectClass: value #0 invalid per syntax
> ----
>
> The Schema is properly loaded, the ppolicy.so module is in the path (ie,
> /usr/lib/ldap on debian). So, I'm out of ideas. Anything I've missed here?
>
> Thanks for your help,
> Julien
>
Hi,

pwdPolicy is an auxiliary objectClass. You have to use it in conjunction
with a structural objectClass. Look at the example from the admin guide:

<http://www.openldap.org/doc/admin24/overlays.html#Password%20Policies>

Regards,
Christian Manal
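The advice in the reply above as a pre-flight check, added here as an example and not part of the original thread: a small Python lint that flags an LDIF entry with no structural objectClass before it is sent with ldapadd. The `SCHEMA` table is a hand-written subset, and the choice of `person` as the structural class and the `sn` value are assumptions; the schema loaded in slapd is authoritative.

```python
# Added example. SCHEMA is a hand-written subset of the core and ppolicy schemas
# (assumption): objectClass -> (kind, MUST attributes).
SCHEMA = {
    "top": ("ABSTRACT", []),
    "pwdpolicy": ("AUXILIARY", ["pwdAttribute"]),
    "person": ("STRUCTURAL", ["sn", "cn"]),
}

def parse_ldif(text):
    """Parse simple LDIF (no folded lines, no base64) into attr -> [values] dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.strip() and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def check_entry(entry):
    """Return the schema problems found in one parsed entry (empty list = none)."""
    classes = [c.lower() for c in entry.get("objectclass", [])]
    problems = [f"unknown objectClass {c}" for c in classes if c not in SCHEMA]
    known = [c for c in classes if c in SCHEMA]
    if not any(SCHEMA[c][0] == "STRUCTURAL" for c in known):
        problems.append("no structural objectClass")
    for c in known:
        problems += [f"{c} requires {m}" for m in SCHEMA[c][1] if m.lower() not in entry]
    return problems

# Entry as posted in the question above.
ORIGINAL = """\
dn: cn=defaultpwpolicy,ou=policies,dc=example,dc=net
objectClass: pwdPolicy
objectClass: top
pwdAttribute: userPassword
pwdAllowUserChange: TRUE
pwdInHistory: 2
pwdMaxFailure: 10
pwdLockout: TRUE
pwdLockoutDuration: 1800
pwdMinLength: 6
"""
# Constructed fix: person is structural and requires cn and sn (sn is a placeholder).
FIXED = ORIGINAL + "objectClass: person\ncn: defaultpwpolicy\nsn: defaultpwpolicy\n"

if __name__ == "__main__":
    for name, ldif in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, check_entry(parse_ldif(ldif)[0]) or "ok")
```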
