[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Integrating ppolicy
- To: <OpenLDAP-software@OpenLDAP.org>
- Subject: Integrating ppolicy
- From: "David Ashman" <dashman@blackboard.com>
- Date: Wed, 26 Oct 2005 10:38:31 -0400
- Content-class: urn:content-classes:message
- Thread-index: AcXaOu+eTkMhLLfHTEyvotWUe6M6Uw==
- Thread-topic: Integrating ppolicy
I'm trying to integrate the ppolicy overlay into openldap 2.3.11 on
linux to use password expiration. The steps I've followed so far are:
1. ./configure -enable-modules -enable-ppolicy=mod
2. add:
modulepath /usr/local/openldap/libexec/openldap
moduleload ppolicy.la
overlay ppolicy
ppolicy_default "cn=pwdpolicyentry,dc=qa,dc=dc,dc=blackboard,dc=com"
ppolicy_use_lockout
to slapd.conf.
When I run slapd with debugging at -1, I see this in the logs:
line 19 (modulepath /usr/local/openldap/libexec/openldap)
line 20 (moduleload ppolicy.la)
loaded module ppolicy.la
module ppolicy.la: null module registered
line 27 (overlay ppolicy)
line 28 (ppolicy_default
"cn=pwdpolicyentry,dc=qa,dc=dc,dc=blackboard,dc=com")
>>> dnNormalize: <cn=pwdpolicyentry,dc=qa,dc=dc,dc=blackboard,dc=com>
=> ldap_bv2dn(cn=pwdpolicyentry,dc=qa,dc=dc,dc=blackboard,dc=com,0)
ldap_err2string
<= ldap_bv2dn(cn=pwdpolicyentry,dc=qa,dc=dc,dc=blackboard,dc=com)=0
Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(cn=pwdpolicyentry,dc=qa,dc=dc,dc=blackboard,dc=com)=0
Success
<<< dnNormalize: <cn=pwdpolicyentry,dc=qa,dc=dc,dc=blackboard,dc=com>
line 29 (ppolicy_use_lockout)
The line about "null module registered" bothers me. Then, from that
point on, I see no mention of ppolicy when anyone logs in. Am I doing
something wrong? My schedule is getting tight and I've already spent
two days trying to get this working right with no luck. Any help would
be appreciated.
Thanks
dave
David Ashman
Senior Software Architect
Product Development
Blackboard, Inc.
202.463.4860 x2297
This e-mail is intended only for the personal and confidential use of the recipient(s) named above.
It may include Blackboard confidential and proprietary information, and is not for redistribution.