[Date Prev][Date Next] [Chronological] [Thread] [Top]

configure options to use ppolicy

To: openldap-software@OpenLDAP.org
Subject: configure options to use ppolicy
From: Prakash Velayutham <prakash.velayutham@cchmc.org>
Date: Mon, 14 Aug 2006 11:59:59 -0400
User-agent: Thunderbird 1.5 (X11/20051201)

Hi,

I am interested in ppolicy overlay and currently using these configure
options. But for some reason, I don't see ppolicy.la getting installed
at all in my server (SuSE Pro 9.3). Could someone here provide me with
the configure flags that would provide me with the ppolicy module?

/configure --prefix=/usr/local/encap/openldap-2.3.25
--localstatedir=/var/openldap --sysconfdir=/etc --enable-modules=yes
--enable-overlays=yes --enable-ppolicy=yes --enable-syncprov=no
--enable-accesslog=yes --enable-rlookups=yes --enable-perl=yes
--enable-ldap=yes --enable-debug=yes --enable-shared=yes

When I start slapd with contents of slapd.conf as below:

############################################################
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/corba.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/openldap.schema
include         /etc/openldap/schema/ppolicy.schema

pidfile         /var/openldap/run/slapd.pid
argsfile        /var/openldap/run/slapd.args

# Load dynamic backend modules:
# modulepath    /usr/local/encap/openldap-2.3.19/libexec/openldap
# moduleload    back_bdb.la
# moduleload    back_ldap.la
# moduleload    back_ldbm.la
# moduleload    back_passwd.la
# moduleload    back_shell.la
moduleload ppolicy.la

access to dn="" by * read

password-hash   {SSHA}

database        bdb
suffix          "dc=x,dc=y"
rootdn          "cn=Manager,dc=x,dc=y"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw xxxxxx

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /var/openldap/openldap-data

# indexing
index default eq

# basic use
index objectClass,uid,dc,o,ou

# references
index member,owner,seeAlso

# mail
index mail

# names
index cn,sn,givenName,displayName eq,sub

overlay ppolicy
ppolicy_default "cn=Standard Policy,ou=Policies,dc=x,dc=y"

ppolicy_use_lockout

access to attrs=userPassword
        by self write
        by anonymous auth
        by dn="cn=Manager,dc=x,dc=y" write
        by * none
access to attrs=shadowLastChange
        by dn="cn=Manager,dc=x,dc=y" write
        by self write
        by * auth
access to * by * read

loglevel -1
#################################################################

I get this in my /var/log/messages:

Aug 14 11:30:14 ldaptest slapd[750]: @(#) $OpenLDAP: slapd 2.3.25 (Aug
11 2006 16:13:51) $     
root@ldaptest:/usr/local/src/openldap-2.3.25/servers/slapd
Aug 14 11:30:14 ldaptest slapd[750]: looking for plugins in
'/usr/lib/sasl2', failed to open directory, error: No such file or directory
Aug 14 11:30:15 ldaptest slapd[750]: lt_dlopenext failed: (ppolicy.la)
file not found
Aug 14 11:30:15 ldaptest slapd[750]: slapd stopped.
Aug 14 11:30:15 ldaptest slapd[750]: connections_destroy: nothing to
destroy.

Please note that this error remains regardless of the modulepath line
being commented or not.

Thanks,
Prakash

Follow-Ups:
- Re: configure options to use ppolicy
  - From: Dmitriy Kirhlarov <dkirhlarov@oilspace.com>
- Re: configure options to use ppolicy
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: Re: Blocking users
Next by Date: Password testing
Index(es):
- Chronological
- Thread