Ok, so
load the module, does it matter where in the slapd.conf file?
Is the format simply:
database mdb
overlay ppolicy
ppolicy_default "cn=default,ou=policies,dc=example,dc=com"
OR is it something like,
objectClass: olcModuleList
cn: module{0}
olcModuleLoad: ppolicy.la
THEN load it with ldapadd ?
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/ppmodule.ldif
Thank you,
Liz
On 6/1/22, 11:45 AM, "Quanah Gibson-Mount" <qua...@fast-mail.org> wrote:
--On Wednesday, June 1, 2022 7:02 PM +0000 "Real Villafan, Elizabeth (US
392K)" <elizabeth.r...@jpl.nasa.gov> wrote:
>
>
>
> Hello,
>
>
> I'm upgrading from openldap 2.4 running on RHEL7 up to 2.6.2 and RHEL8 on
> new hardware, apparently the way to configure password policy now is by
> configuring the slapd.conf file rather than loading the ppolicy schema.
> How do I modify that file properly? I read
>
https://urldefense.us/v3/__https://www.openldap.org/doc/admin26/overlays.html*Password*20Policies__;IyU!!PvBDto6Hs4WbVuu7!Y9KjHIHR2b5w95j-wHLtWF7x0lXkGupQitZEDuiRcwoG_Yc47GBZNtoc6nuWErAHPtyHkVLB$
You always configured password policies by loading the module. The only
change is that instead of having to combine both the schema file and the
module, you only need the module.
> on section 12.10.2. Password Policy Configuration, what does it mean to
> "Instantiate the module in the database"? do you have a sample slapd.conf
> file I can refer to?
The same way you load any other overlay for use with a database.
database mdb
...
overlay ppolicy
...
--Quanah
