
Re: (ITS#4096) ppolicy overlay doesn't work when there are subordinate databases



Sanitized and abbreviated version of my slapd.conf:


# Schemas we need
# Schema files are read in order. ppolicy.schema supplies the password-policy
# attribute types and object classes used by the ppolicy overlay that is
# enabled on the superior database further down.
include         /opt/openldap-2.3.11/etc/openldap/schema/core.schema
include         /opt/openldap-2.3.11/etc/openldap/schema/cosine.schema
include         /opt/openldap-2.3.11/etc/openldap/schema/inetorgperson.schema
include         /opt/openldap-2.3.11/etc/openldap/schema/misc.schema
include         /opt/openldap-2.3.11/etc/openldap/schema/ppolicy.schema
# Additional schemas omitted for brevity

# 256 is the "stats" log level (connections, operations, results per
# slapd.conf(5)); enough to audit bind activity without trace-level volume.
loglevel 256
pidfile         /var/run/slapd/slapd.pid
argsfile        /usr/local/var/slapd.args
# slurpd (push replication) pid/args files and polling interval; they pair
# with the replica/replogfile directives on the superior database below.
replica-pidfile         /var/run/slapd/slurpd.pid
replica-argsfile        /usr/local/var/slurpd.args
replicationinterval 60

defaultsearchbase dc=domain,dc=com
# NOTE(review): 400 worker threads is far above slapd's default of 16;
# confirm it is sized deliberately for this host.
threads 400
# NOTE(review): {MD5} is an unsalted digest. Only passwords set through the
# password-modify operation are affected; the stored scheme prefix decides
# verification, so existing values keep working if this is changed to the
# salted {SSHA} scheme, which is the usual recommendation.
password-hash {MD5}

# ppolicy is built as a dynamic module; loading it here only makes the
# overlay available, it is enabled per database with "overlay ppolicy".
modulepath      /opt/openldap-2.3.11/libexec/openldap
moduleload      ppolicy.la

# TLS options omitted

# Access control omitted
# [ problem occurs even with access to * by * write ]
# NOTE(review): "access to * by * write" grants every client write access;
# that is a diagnostic setting and should not remain in the deployed file.

#######################################################################
# bdb database definitions
#######################################################################

# Subordinate database holding one machine's subtree. It is glued under the
# superior "dc=domain,dc=com" database defined later in the file.
database        bdb
suffix          "ou=machine2,ou=machines,dc=domain,dc=com"
# rootdn is outside this database's suffix; slapd.conf(5) allows that, but
# note no rootpw is set in this stanza, so binds as this DN are presumably
# served by the superior database that holds it - confirm.
rootdn          "cn=Manager,dc=domain,dc=com"
# updatedn is the identity slurpd binds as when pushing changes into this
# replica; updateref is the referral handed to clients that try to write
# here directly (ldaps, so the redirect stays on TLS).
updatedn        cn=syncuser,dc=domain,dc=com
updateref       ldaps://machine2.domain.com
directory       /var/db/ldap/machine2
# Marks this database as a child of the superior one. The ppolicy overlay is
# declared only on the superior (see below), which is the situation the
# ITS#4096 report describes.
subordinate
# Indices to maintain - omitted
# BDB entry cache (entries) and checkpoint thresholds (KB written / minutes).
cachesize 5000
checkpoint 512 720


## ABOVE SECTION REPEATED FOR 3 OTHER SUBSIDIARY DATABASES (machine3, machine4, machine5)

## Superior database
# Holds the remainder of dc=domain,dc=com; the subordinate databases above
# are glued beneath it.
database        bdb
suffix          "dc=domain,dc=com"
rootdn          "cn=Manager,dc=domain,dc=com"
# NOTE(review): rootpw is stored with the unsalted {MD5} scheme; the salted
# {SSHA} scheme is preferable for the directory's most privileged credential.
rootpw          {MD5}XXXXXXXXXXXXXXXXXXXXX
directory       /var/db/ldap/machine1
# The overlay is attached to the superior database only. Per the subject
# line (ITS#4096), binds against entries held in the subordinate databases
# do not appear to get the policy applied; whether each subordinate stanza
# also needs its own overlay declaration is the open question.
overlay         ppolicy
# Policy used for entries that carry no policy reference of their own
# (slapo-ppolicy(5)).
ppolicy_default "cn=users,ou=policy,dc=domain,dc=com"
# Returns AccountLocked to a client binding to a locked account instead of a
# generic invalidCredentials. slapo-ppolicy(5) notes this discloses lock
# state to unauthenticated clients, which is why it is off by default.
ppolicy_use_lockout
# slurpd push replica. The consumer's bind password is kept in clear text on
# the credentials= line, so slapd.conf must be readable only by the slapd
# user. The continuation lines below must stay indented (slapd.conf syntax).
replica uri=ldaps://machine2.domain.com
        binddn="cn=syncuser,dc=domain,dc=com"
        bindmethod=simple credentials=XXXXXXXXXX
# Replication log consumed by slurpd; it records every change to this
# database, so it warrants the same file permissions as the database dir.
replogfile /var/db/ldap/replogfile
# Several replicas omitted
# Indices to maintain - omitted
cachesize 5000
checkpoint 512 720



=================================================================

BMRB 
http://www.bmrb.co.uk
_________________________________________________________________
This message (and any attachment) is intended only for the 
recipient and may contain confidential and/or privileged 
material.  If you have received this in error, please contact the 
sender and delete this message immediately.  Disclosure, copying 
or other action taken in respect of this email or in 
reliance on it is prohibited.  BMRB Limited accepts no liability 
in relation to any personal emails, or content of any email which 
does not directly relate to our business.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++