Hi,

I am running openldap 2.4.40 on Ubuntu 12.04

I need to use N-way multi master replication and there are only 2 masters

I am using syncrepl configuration and for the sake of security I didn't
want to use the rootdn credentials for replication (I didn't want slapd.conf
to have its password in plain text in the syncrepl section).

So I created an ldapreplicator account on both masters just for replication,
which only has read privileges.

I also have a default password policy on the ldap which has requirements
that all passwords should expire in 30 days, have lockout duration, etc.

The problem is the password policy is also applied to the ldapreplicator
account and due to this, the synchronization fails once the password
expires.

I tried to add a different password policy to ldapreplicator using
pwdPolicySubentry but keep getting error 21 invalid syntax.

I looked into the documentation and online as well, but I am not sure why I
keep getting the invalid syntax error.

To keep this post short, I am attaching the slapd.conf, the password
policies (default and for replicator), the ldif containing instructions for
adding password policy to ldapreplicator and log output

I am sure I am missing something, any help would be greatly appreciated


-- 
-Guruprasad
#OUTPUT OF ldapadd -H "ldap://localhost:389" -D "cn=ldapadmin,dc=example,dc=com" -W -f add_ldapreplicator_ppolicy.ldif

modifying entry "cn=ldapreader,dc=example,dc=com"
ldap_modify: Invalid syntax (21)
        additional info: pwdPolicySubentry: value #0 invalid per syntax


# SERVER OUTPUT

Mar  2 10:48:20 ldaptest01 slapd[1942]: conn=1009 fd=9 ACCEPT from IP=127.0.0.1:45980 (IP=0.0.0.0:389)
Mar  2 10:48:20 ldaptest01 slapd[1942]: conn=1009 op=0 BIND dn="cn=ldapadmin,dc=example,dc=com" method=128
Mar  2 10:48:20 ldaptest01 slapd[1942]: conn=1009 op=0 BIND dn="cn=ldapadmin,dc=example,dc=com" mech=SIMPLE ssf=0
Mar  2 10:48:20 ldaptest01 slapd[1942]: conn=1009 op=0 RESULT tag=97 err=0 text=
Mar  2 10:48:20 ldaptest01 slapd[1942]: conn=1009 op=1 MOD dn="cn=ldapreplicator,dc=example,dc=com"
Mar  2 10:48:20 ldaptest01 slapd[1942]: conn=1009 op=1 MOD attr=pwdPolicySubentry
Mar  2 10:48:20 ldaptest01 slapd[1942]: conn=1009 op=1 RESULT tag=103 err=21 text=pwdPolicySubentry: value #0 invalid per syntax
Mar  2 10:48:20 ldaptest01 slapd[1942]: conn=1009 op=2 UNBIND
Mar  2 10:48:20 ldaptest01 slapd[1942]: conn=1009 fd=9 closed

Attachment: add_ldapreplicator_ppolicy.ldif
Description: Binary data

Attachment: password policies.ldif
Description: Binary data

Attachment: slapd.conf
Description: Binary data
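A small checker, added here as an example (it is not the poster's attachment and not OpenLDAP code), that applies the RFC 4514 DN-syntax rules pwdPolicySubentry is validated against to the values in a modify LDIF, so an err=21 "value #0 invalid per syntax" can be explained before the change is sent to slapd. The LDIF in the block is constructed and the policy DN in it is a placeholder; one of its values ends in a zero-width space, which is invisible in a mail client but not a legal DN character.

```python
import re
# pwdPolicySubentry has DN syntax (OID 1.3.6.1.4.1.1466.115.121.1.12), so slapd answers
# err=21 "value #0 invalid per syntax" to any value that is not a well-formed RFC 4514 DN.
_TYPE_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")  # descriptor or OID
_ESCAPE_RE = re.compile(r'\\(?:[ "#+,;<=>\\]|[0-9A-Fa-f]{2})')       # legal escape forms

def _split_unescaped(s, sep):
    """Split s on sep, ignoring separators escaped with a backslash."""
    parts, cur, i = [], "", 0
    while i < len(s):
        if s[i] == "\\":  # keep the escape pair together
            cur, i = cur + s[i:i + 2], i + 2
        elif s[i] == sep:
            parts, cur, i = parts + [cur], "", i + 1
        else:
            cur, i = cur + s[i], i + 1
    return parts + [cur]

def dn_problem(dn):
    """Return None if dn is a non-empty, well-formed RFC 4514 DN, else a short reason."""
    if not dn.isprintable():  # e.g. a zero-width space pasted from a mail client
        return "contains invisible characters %r" % [c for c in dn if not c.isprintable()]
    for rdn in _split_unescaped(dn, ","):
        for ava in _split_unescaped(rdn, "+"):
            atype, eq, value = (p.strip() for p in ava.partition("="))
            if not eq or not _TYPE_RE.match(atype):
                return "missing or bad attribute type in %r" % ava
            if not value or (value[0] == "#" and not re.fullmatch(r"#(?:[0-9A-Fa-f]{2})+", value)):
                return "empty or malformed value in %r" % ava
            if any(c in '",+;<>\\' for c in _ESCAPE_RE.sub("", value)):
                return "unescaped special character in %r" % ava
    return None

def check_ldif(text):
    """Map entry DN -> reason for each pwdPolicySubentry value slapd would reject."""
    findings, entry_dn = {}, None
    for line in text.splitlines():  # assumes unfolded, non-base64 attribute lines
        if line.startswith("dn:"):
            entry_dn = line[3:].strip()
        elif line.startswith("pwdPolicySubentry:"):
            problem = dn_problem(line.split(":", 1)[1].strip())
            if problem:
                findings[entry_dn] = problem
    return findings

SAMPLE_LDIF = (  # constructed sample, not the poster's attachment; first value ends in U+200B
    "dn: cn=ldapreplicator,dc=example,dc=com\nchangetype: modify\nreplace: pwdPolicySubentry\n"
    "pwdPolicySubentry: cn=replicator,ou=policies,dc=example,dc=com\u200b\n\n"
    "dn: cn=ldapreader,dc=example,dc=com\nchangetype: modify\nreplace: pwdPolicySubentry\n"
    "pwdPolicySubentry: cn=replicator,ou=policies,dc=example,dc=com\n")
```

Running `check_ldif(SAMPLE_LDIF)` reports only the ldapreplicator entry, with the invisible character that the server-side error message does not show.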
