[Date Prev][Date Next] [Chronological] [Thread] [Top]

pesky ppolicy problems

To: openldap-software@openldap.org
Subject: pesky ppolicy problems
From: "Metcalf, Roger" <roger.metcalf@acs-inc.com>
Date: Mon, 22 Jan 2007 13:08:47 -0500

I am trying to use the ppolicy overlay.  I've searched, read and
experimented and can't get it to work.  
I've read other similar postings with similar problems but haven't found the
one with the answer.

My OpenLDAP knowledge is intermediate.

I download 2.3.27, then build it:

	env LIBS="-L/usr/bin" \
	./configure \
	--prefix=/usr/local \
	--libdir=/usr/local/lib \
	--sbindir=/usr/sbin \
	--libexecdir=/usr/sbin \
	--sysconfdir=/etc \
	--localstatedir=/var/lib/ldap \
	--enable-overlays=mod \
	--enable-dynamic=yes \
	--enable-modules=yes \
	--enable-ppolicy=yes &&
	make depend &&
	make

I include ppolicy in slapd.conf.

	include         /etc/openldap/schema/ppolicy.schema
	overlay   ppolicy
	ppolicy_default	"cn=Standard Policy,ou=Policies,c=us"
	ppolicy_hash_cleartext
	ppolicy_use_lockout

I have tried with and without modulepath and moduleload.  I suspect they are
not needed but am not sure.

	modulepath      /usr/sbin
	moduleload	ppolicy.la

I have created a policy structure in my repository.

I don't really care if ppolicy is statically or dynamically loaded, I just
want it to be available!
The problem may be that I really don't get the meaning or dependencies of
enable-dynamic, enable-modules, enable-overlays, enable-static,
enable-shared.

My goal is simple : to get ppolicy working in the simplest way.

Problems:

/etc/init.d/ldap start --

	WARNING: No dynamic config support for overlay ppolicy.

This apparently is more than just a "warning" because startup fails.

I figured Symas CDS silver would work, so I downloaded it, commented out the
ppolicy lines:

	# Load an instance of the ppolicy overlay for the current database:
	overlay	ppolicy
	ppolicy_default	"cn=Standard Policy,ou=Policies,c=us"
	ppolicy_hash_cleartext
	ppolicy_use_lockout

and put -d -1 into EXTRA_SLAPD_ARGS so I could see what happens.

With this:

	# Uncomment the following moduleload to add support for 
	# password policies. Refer to the example below and to
	# slapo-ppolicy(5) for additional information.
	moduleload	ppolicy.la

I get:

	line 93 (moduleload	ppolicy.la)
	lt_dlopenext failed: (ppolicy.la) file not found
	/opt/symas/etc/openldap/slapd.conf: line 93: <moduleload> handler
exited with 1!

With this:

	#moduleload	ppolicy.la

I get this:

	line 234 (overlay	ppolicy)
	overlay "ppolicy" not found
	/opt/symas/etc/openldap/slapd.conf: line 234: <overlay> handler
exited with 1!

What makes this all the more frustrating is that test022-ppolicy appears to
work fine.
I have examined its .conf file and environment variables, etc and can't
extract the secret.

Questions:

1) Where is ppolicy.la located?
2) Does it need to be loaded?
3) Where is the path to it specified?
4) When are moduleload specs needed?
5) Are env variables needed to find ppolicy.la?
6) What's the secret?
7) When will the book be published?

All advice welcome.

Thanks,
Roger Metcalf

Follow-Ups:
- Re: pesky ppolicy problems
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: pesky ppolicy problems
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: Two-level groups
Next by Date: Re: pesky ppolicy problems
Index(es):
- Chronological
- Thread