2014-11-14 0:31 GMT+01:00 Guruprasad Kulkarni <[email protected]>:
> Hi,
>
> I installed openldap 2.4.40 on ubuntu 12.04LTS
>
> I enabled ppolicy while configuring the installation.
> ./configure --enable-hdb --enable-ppolicy --enable-syncprov --with-tls
>
> I want to specify a password check module (to check for minimum upper
> cases, lower cases, digits, etc).
>
> I got the module from
> http://ltb-project.org/wiki/documentation/openldap-ppolicy-check-password
>
> I created a password policy very similar to the one given in the
> documentation:
>
> dn: cn=default,ou=policies,dc=example,dc=com
> cn: default
> objectClass: pwdPolicy
> objectClass: person
> objectClass: top
> pwdAllowUserChange: TRUE
> pwdAttribute: userPassword
> pwdCheckQuality:
> 1
> pwdCheckModule: check_password.so
> pwdExpireWarning: 600
> pwdFailureCountInterval: 30
> pwdGraceAuthNLimit:
> 0
>
> pwdInHistory: 5
> 3
> pwdLockout: TRUE
> pwdLockoutDuration:
> 60
> 0
> pwdMaxAge:
> 1200
> pwdMaxFailure:
> 3
> pwdMinAge: 0
> pwdMinLength:
> 8
> pwdMustChange: FALSE
> pwdSafeModify: FALSE
> sn: dummy value
>
> slapd.conf:
>
> modulepath /usr/local/lib
> moduleload check_password.so
>
> While adding this password policy to ldap, I get the error:
>
> ldap_add: Object class violation (65)
> attribute info: attribute 'pwdCheckModule' not allowed
>
> The log level is 256 and doesn't say much besides giving the same error.
>
> Let me know where I have gone wrong.
>

Hi,

you need to add the objectClass pwdPolicyChecker to use the attribute pwdCheckModule.

Clément.
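Added example, not part of the original thread: a small Python pre-flight check that mirrors, in miniature, the schema rule behind the error above, showing that `pwdCheckModule` is only permitted once the auxiliary class `pwdPolicyChecker` is listed. The `SCHEMA` table, function names and the abridged sample entry are assumptions made for this illustration; the attribute lists are transcribed from the stock ppolicy schema and RFC 4519.

```python
# Added example: a miniature version of the schema check that produces
# "Object class violation (65)". Attribute lists are transcribed from the
# stock OpenLDAP 2.4 ppolicy.schema and RFC 4519 (assumption: unmodified schema).
SCHEMA = {
    "top": {"objectClass"},
    "person": {"sn", "cn", "userPassword", "telephoneNumber", "seeAlso",
               "description"},
    "pwdpolicy": {"pwdAttribute", "pwdMinAge", "pwdMaxAge", "pwdInHistory",
                  "pwdCheckQuality", "pwdMinLength", "pwdExpireWarning",
                  "pwdGraceAuthNLimit", "pwdLockout", "pwdLockoutDuration",
                  "pwdMaxFailure", "pwdFailureCountInterval", "pwdMustChange",
                  "pwdAllowUserChange", "pwdSafeModify"},
    "pwdpolicychecker": {"pwdCheckModule"},  # auxiliary class from the reply
}

def parse_ldif_entry(text):
    """Parse one unfolded, non-base64 LDIF entry into (dn, {attr: [values]})."""
    dn, attrs = None, {}
    for line in text.strip().splitlines():
        name, _, value = line.partition(":")
        if name.lower() == "dn":
            dn = value.strip()
        else:
            attrs.setdefault(name.strip(), []).append(value.strip())
    return dn, attrs

def disallowed_attributes(attrs):
    """Attributes that none of the entry's object classes permit."""
    allowed = {a.lower()
               for oc in attrs.get("objectClass", [])
               for a in SCHEMA.get(oc.lower(), ())}
    return sorted(a for a in attrs if a.lower() not in allowed)

# Constructed sample: the entry from the post, abridged.
POSTED = """\
dn: cn=default,ou=policies,dc=example,dc=com
cn: default
objectClass: pwdPolicy
objectClass: person
objectClass: top
pwdAttribute: userPassword
pwdCheckModule: check_password.so
sn: dummy value
"""
# Same entry with the auxiliary class named in the reply.
FIXED = POSTED + "objectClass: pwdPolicyChecker\n"

if __name__ == "__main__":
    for label, ldif in (("posted", POSTED), ("fixed", FIXED)):
        dn, attrs = parse_ldif_entry(ldif)
        print(label, dn, "not allowed:", disallowed_attributes(attrs))
```

The parser handles only plain `attr: value` lines; folded or base64 (`::`) LDIF values are out of scope for this sketch.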
