(ITS#7945) attribute 'olcPPolicyDefault' not allowed(openldap password policy)
- To: openldap-its@OpenLDAP.org
- Subject: (ITS#7945) attribute 'olcPPolicyDefault' not allowed(openldap password policy)
- From: q03765@sohu.com
- Date: Mon, 22 Sep 2014 07:55:45 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Full_Name: Crane.YQ.Feng
Version: 2.4.23
OS: redhat linux 6.4
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (218.29.136.228)
Hello openldap Expert,
Could anyone do me a big favor? When I configured my openldap's password
policy function and defined "olcPPolicyDefault", a problem
occurred.
Note: openldap has been configured and it works in the cn=config model.
When I add a default password policy entry (olcPPolicyDefault) into my
openldap database (cn=config), the system returns an error message:
------------------------------------------------------------------------------------
file content(olcPPolicy-new.ldif):
dn: cn=config
changetype: modify
add: olcPPolicyDefault
olcPPolicyDefault: cn=default,ou=policies,dc=ldap,dc=idpbg,dc=com
[root@GL-LDAP01 data]# ldapmodify -Y EXTERNAL -H ldapi:/// -f olcPPolicy-new.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
ldap_modify: Object class violation (65)
additional info: attribute 'olcPPolicyDefault' not allowed
I used another way to add this entry; the problem is the same:
-----------------------------------------------------------------------------
olcPPolicyDefault.ldif file content:
dn: cn=config
changetype: add
olcPPolicyDefault: cn=default,ou=policies,dc=ldap,dc=idpbg,dc=com
[root@GL-LDAP01 data]# ldapmodify -Y EXTERNAL -H ldapi:/// -f olcPPolicyDefault.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=config"
ldap_add: Object class violation (65)
additional info: no objectClass attribute
So I can't add olcPPolicyDefault to make the openldap password policy
available.
Attachment:
----------------------------------
cn=config content:
[root@GL-LDAP01 openldap]# ldapsearch -LLLQY EXTERNAL -H ldapi:/// -b cn=config "(|(olcoverlay=ppolicy))"
dn: olcOverlay={1}ppolicy,olcDatabase={2}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {1}ppolicy
olcPPolicyHashCleartext: FALSE
olcPPolicyUseLockout: FALSE
olcPPolicyForwardUpdates: FALSE
[root@GL-LDAP01 openldap]# ldapsearch -LLLQY EXTERNAL -H ldapi:/// -b cn=config "(|(cn=config))"
dn: cn=config
objectClass: olcGlobal
cn: config
olcConfigFile: /etc/openldap/slapd.conf
olcConfigDir: /etc/openldap/slapd.d/
olcAllows: bind_v2
olcArgsFile: /var/run/openldap/slapd.args
olcAttributeOptions: lang-
olcAuthzPolicy: none
olcConcurrency: 0
olcConnMaxPending: 100
olcConnMaxPendingAuth: 1000
olcGentleHUP: FALSE
olcIdleTimeout: 0
olcIndexSubstrIfMaxLen: 4
olcIndexSubstrIfMinLen: 2
olcIndexSubstrAnyLen: 4
olcIndexSubstrAnyStep: 2
olcIndexIntLen: 4
olcLocalSSF: 71
olcLogLevel: Trace
olcLogLevel: Packets
olcLogLevel: Args
olcLogLevel: Conns
olcLogLevel: BER
olcLogLevel: Filter
olcLogLevel: Config
olcLogLevel: ACL
olcLogLevel: Stats
olcLogLevel: Stats2
olcLogLevel: Shell
olcLogLevel: Parse
olcPidFile: /var/run/openldap/slapd.pid
olcReadOnly: FALSE
olcReverseLookup: FALSE
olcSaslSecProps: noplain,noanonymous
olcServerID: 1 ldap://GL-LDAP01.ldap.idpbg.com
olcServerID: 2 ldap://GL-LDAP02.ldap.idpbg.com
olcServerID: 3 ldap://TY-LDAP01.ldap.idpbg.com
olcServerID: 4 ldap://TY-LDAP02.ldap.idpbg.com
olcSockbufMaxIncoming: 262143
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 16
olcTLSCACertificateFile: /etc/pki/tls/certs/ca-bundle.crt
olcTLSCertificateFile: /etc/pki/tls/certs/slapd.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/slapd.pem
olcTLSVerifyClient: never
olcToolThreads: 1
olcWriteTimeout: 0
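
An added example, not part of the original report: in OpenLDAP 2.4, olcPPolicyDefault is an attribute of the olcPPolicyConfig object class, which in the output above sits on the ppolicy overlay entry, while cn=config carries only olcGlobal. The sketch below finds that entry in ldapsearch output and builds the modify against it; the function names and the trimmed sample input are constructed for this example.

```shell
#!/bin/sh
# Constructed sample: the two entries from the report's ldapsearch output, trimmed.
sample_ldif() {
cat <<'EOF'
dn: cn=config
objectClass: olcGlobal
cn: config

dn: olcOverlay={1}ppolicy,olcDatabase={2}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {1}ppolicy
EOF
}

# Print the DN of each LDIF entry on stdin that carries objectClass $1.
# Folded lines (continuations start with one space) are joined first.
dn_with_class() {
    awk -v want="$1" '
        function handle(l) {
            if (l == "") { if (hit && dn != "") print dn; dn = ""; hit = 0; return }
            if (tolower(substr(l, 1, 4)) == "dn: ") dn = substr(l, 5)
            else if (tolower(l) == ("objectclass: " tolower(want))) hit = 1
        }
        /^ / { cur = cur substr($0, 2); next }
        { if (NR > 1) handle(cur); cur = $0 }
        END { if (NR > 0) handle(cur); handle("") }
    '
}

# Build the modify record: target DN in $1, policy entry DN in $2.
ppolicy_default_ldif() {
    printf 'dn: %s\nchangetype: modify\nadd: olcPPolicyDefault\nolcPPolicyDefault: %s\n' "$1" "$2"
}

# One record per matching overlay entry (one per database that loads ppolicy).
sample_ldif | dn_with_class olcPPolicyConfig | while IFS= read -r overlay_dn; do
    ppolicy_default_ldif "$overlay_dn" 'cn=default,ou=policies,dc=ldap,dc=idpbg,dc=com'
    echo
done
# On a server, feed dn_with_class from
#   ldapsearch -LLLQY EXTERNAL -H ldapi:/// -b cn=config '(objectClass=olcPPolicyConfig)'
# and review the generated LDIF before passing it to ldapmodify -Y EXTERNAL -H ldapi:///.
```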