
(ITS#7945) attribute 'olcPPolicyDefault' not allowed(openldap password policy)



Full_Name: Crane.YQ.Feng
Version: 2.4.23
OS: redhat linux 6.4
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (218.29.136.228)


Hello OpenLDAP experts,
     Could anyone do me a big favor? When I configure my OpenLDAP password
policy function and define "olcPPolicyDefault", a problem occurs.
  Note: OpenLDAP has been configured and is running in cn=config mode.
   When I add a default password policy entry (olcPPolicyDefault) into my
OpenLDAP database (cn=config), the system returns an error message:

------------------------------------------------------------------------------------

file content(olcPPolicy-new.ldif):
dn: cn=config
changetype: modify
add: olcPPolicyDefault
olcPPolicyDefault: cn=default,ou=policies,dc=ldap,dc=idpbg,dc=com

[root@GL-LDAP01 data]# ldapmodify -Y EXTERNAL -H ldapi:/// -f olcPPolicy-new.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
ldap_modify: Object class violation (65)
        additional info: attribute 'olcPPolicyDefault' not allowed


I used another way to add this entry; the problem is the same:
-----------------------------------------------------------------------------
olcPPolicyDefault.ldif  file content:
dn: cn=config
changetype: add
olcPPolicyDefault: cn=default,ou=policies,dc=ldap,dc=idpbg,dc=com


[root@GL-LDAP01 data]# ldapmodify -Y EXTERNAL -H ldapi:/// -f olcPPolicyDefault.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=config"
ldap_add: Object class violation (65)
        additional info: no objectClass attribute

So I can't add olcPPolicyDefault to make the OpenLDAP password policy
available.

attachment:
----------------------------------
cn=config  content:
[root@GL-LDAP01 openldap]# ldapsearch -LLLQY EXTERNAL -H ldapi:/// -b cn=config "(|(olcoverlay=ppolicy))"
dn: olcOverlay={1}ppolicy,olcDatabase={2}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {1}ppolicy
olcPPolicyHashCleartext: FALSE
olcPPolicyUseLockout: FALSE
olcPPolicyForwardUpdates: FALSE

[root@GL-LDAP01 openldap]# ldapsearch -LLLQY EXTERNAL -H ldapi:/// -b cn=config "(|(cn=config))"
dn: cn=config
objectClass: olcGlobal
cn: config
olcConfigFile: /etc/openldap/slapd.conf
olcConfigDir: /etc/openldap/slapd.d/
olcAllows: bind_v2
olcArgsFile: /var/run/openldap/slapd.args
olcAttributeOptions: lang-
olcAuthzPolicy: none
olcConcurrency: 0
olcConnMaxPending: 100
olcConnMaxPendingAuth: 1000
olcGentleHUP: FALSE
olcIdleTimeout: 0
olcIndexSubstrIfMaxLen: 4
olcIndexSubstrIfMinLen: 2
olcIndexSubstrAnyLen: 4
olcIndexSubstrAnyStep: 2
olcIndexIntLen: 4
olcLocalSSF: 71
olcLogLevel: Trace
olcLogLevel: Packets
olcLogLevel: Args
olcLogLevel: Conns
olcLogLevel: BER
olcLogLevel: Filter
olcLogLevel: Config
olcLogLevel: ACL
olcLogLevel: Stats
olcLogLevel: Stats2
olcLogLevel: Shell
olcLogLevel: Parse
olcPidFile: /var/run/openldap/slapd.pid
olcReadOnly: FALSE
olcReverseLookup: FALSE
olcSaslSecProps: noplain,noanonymous
olcServerID: 1 ldap://GL-LDAP01.ldap.idpbg.com
olcServerID: 2 ldap://GL-LDAP02.ldap.idpbg.com
olcServerID: 3 ldap://TY-LDAP01.ldap.idpbg.com
olcServerID: 4 ldap://TY-LDAP02.ldap.idpbg.com
olcSockbufMaxIncoming: 262143
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 16
olcTLSCACertificateFile: /etc/pki/tls/certs/ca-bundle.crt
olcTLSCertificateFile: /etc/pki/tls/certs/slapd.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/slapd.pem
olcTLSVerifyClient: never
olcToolThreads: 1
olcWriteTimeout: 0
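Added example (editor's note, not part of the ITS report or of OpenLDAP's own documentation). The "Object class violation (65)" above is expected: olcPPolicyDefault is an attribute of the olcPPolicyConfig object class, which lives on the overlay entry (olcOverlay={1}ppolicy,olcDatabase={2}bdb,cn=config in the listing above), not on the olcGlobal entry cn=config, so cn=config can never carry it. The LDIF below targets the overlay entry instead, and also shows a pwdPolicy entry at the DN the report references. The overlay DN and policy DN are taken from the report; the policy attribute values, the use of the person structural class to hold the auxiliary pwdPolicy class, and the existence of ou=policies,dc=ldap,dc=idpbg,dc=com are assumptions for illustration.

```ldif
# --- Record 1: the default policy entry itself (goes into the user database).
# Assumption: ou=policies,dc=ldap,dc=idpbg,dc=com already exists and the
# ppolicy schema (schema/ppolicy.ldif) is loaded under cn=schema,cn=config.
# pwdPolicy is AUXILIARY, so a STRUCTURAL class (person here) must carry it.
dn: cn=default,ou=policies,dc=ldap,dc=idpbg,dc=com
changetype: add
objectClass: person
objectClass: pwdPolicy
cn: default
sn: default
pwdAttribute: userPassword
# Illustrative values: 12-char minimum, 90-day max age, remember 5 old hashes,
# lock for 15 minutes after 5 consecutive failures, force change after reset.
pwdMinLength: 12
pwdMaxAge: 7776000
pwdInHistory: 5
pwdCheckQuality: 2
pwdMaxFailure: 5
pwdLockout: TRUE
pwdLockoutDuration: 900
pwdFailureCountInterval: 900
pwdMustChange: TRUE

# --- Record 2: point the ppolicy overlay at that entry (goes into cn=config).
# This is the DN from the ldapsearch output above, not cn=config.
dn: olcOverlay={1}ppolicy,olcDatabase={2}bdb,cn=config
changetype: modify
add: olcPPolicyDefault
olcPPolicyDefault: cn=default,ou=policies,dc=ldap,dc=idpbg,dc=com
```

Apply record 1 with a bind that may write to the dc=ldap,dc=idpbg,dc=com database (the ldapi:/// EXTERNAL root identity only has write access to cn=config by default), then record 2 with the same `ldapmodify -Y EXTERNAL -H ldapi:///` command the report uses; in practice that means splitting the two records into separate files. Verify with `ldapsearch -LLLQY EXTERNAL -H ldapi:/// -b cn=config "(olcOverlay=ppolicy)" olcPPolicyDefault`, which should now return the olcPPolicyDefault value on the overlay entry. Two caveats a practitioner will want: olcPPolicyHashCleartext is FALSE in the listing above, so clients that send an unhashed userPassword value over LDAP (rather than using the Password Modify extended operation) will have it stored in the clear unless that is changed to TRUE; and olcPPolicyUseLockout: FALSE is the safer setting to keep, because with TRUE slapd tells a binding client that the account is locked, which lets an attacker distinguish a locked account from a wrong password.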