
RE: pesky ppolicy problems



Thanks for the quick response!  I'm using 2.3.27 because it was The Stable
Release when I started this.  
I'll move to the latest stable release after I get ppolicy figured out.

I want dynamic modules, so I changed my enable-ppolicy to be "mod" --

env LIBS="-L/usr/bin" \
./configure \
--prefix=/usr/local \
--libdir=/usr/local/lib \
--sbindir=/usr/sbin \
--libexecdir=/usr/sbin \
--sysconfdir=/etc \
--localstatedir=/var/lib/ldap \
--enable-modules=yes \
--enable-ppolicy=mod &&
make depend &&
make


The make/install process displayed:

make[3]: Entering directory `/usr/local/src/openldap-2.3.27/servers/slapd/overlays'
../../../build/shtool install -c -m 755 .libs/ppolicy-2.3.so.0.2.15 /usr/sbin/openldap/ppolicy-2.3.so.0.2.15
(cd /usr/sbin/openldap && { ln -s -f ppolicy-2.3.so.0.2.15 ppolicy-2.3.so.0 || { rm -f ppolicy-2.3.so.0 && ln -s ppolicy-2.3.so.0.2.15 ppolicy-2.3.so.0; }; })
(cd /usr/sbin/openldap && { ln -s -f ppolicy-2.3.so.0.2.15 ppolicy.so || { rm -f ppolicy.so && ln -s ppolicy-2.3.so.0.2.15 ppolicy.so; }; })
../../../build/shtool install -c -m 755 .libs/ppolicy.lai /usr/sbin/openldap/ppolicy.la
PATH="$PATH:/sbin" ldconfig -n /usr/sbin/openldap


That looked like what I need. In /usr/sbin/openldap I now find:

	lrwxrwxrwx  1 root root     21 Jan 22 14:51 ppolicy-2.3.so.0 -> ppolicy-2.3.so.0.2.15
	-rwxr-xr-x  1 root root  85722 Jan 22 14:51 ppolicy-2.3.so.0.2.15
	-rwxr-xr-x  1 root root    836 Jan 22 14:51 ppolicy.la
	lrwxrwxrwx  1 root root     21 Jan 22 14:51 ppolicy.so -> ppolicy-2.3.so.0.2.15

In slapd.conf I set the module path:

	modulepath      /usr/sbin/openldap
	moduleload	ppolicy.la
	<snip>
	overlay   ppolicy
	ppolicy_default	"cn=Standard Policy,ou=Policies,c=us"
	ppolicy_hash_cleartext
	ppolicy_use_lockout

Still I get:

	[root openldap-2.3.27]# /etc/init.d/ldap start
	Checking configuration files for : WARNING: No dynamic config support for overlay ppolicy.
	config file testing succeeded
	Starting slapd: FAILED
	[root openldap-2.3.27]# 

Shouldn't this work now?

I attach my slapd.conf, mostly vanilla in this version, and I've removed
commented lines for your convenience.  
How's it look?

	include	/etc/openldap/schema/core.schema
	include	/etc/openldap/schema/cosine.schema
	include	/etc/openldap/schema/inetorgperson.schema
	include	/etc/openldap/schema/nis.schema
	include     /etc/openldap/schema/acs.schema
	include     /etc/openldap/schema/ppolicy.schema

	pidfile	/var/lib/ldap/run/slapd.pid
	argsfile	/var/lib/ldap/run/slapd.args

	modulepath      /usr/sbin/openldap
	moduleload	ppolicy.la

	database	bdb
	suffix		"c=US"
	rootdn		"cn=Manager, c=US"
	rootpw		secret

	directory	/var/lib/ldap/openldap-data

	index objectClass                       eq,pres
	index ou,cn,mail,surname,givenname      eq,pres,sub
	index uidNumber,gidNumber,loginShell    eq,pres
	index uid,memberUid                     eq,pres,sub
	index nisMapName,nisMapEntry            eq,pres,sub
	loglevel 256

	overlay   ppolicy

	ppolicy_default	"cn=Standard Policy,ou=Policies,c=us"
	ppolicy_hash_cleartext
	ppolicy_use_lockout


Thanks,
Roger



> -----Original Message-----
> From: Quanah Gibson-Mount [mailto:quanah@stanford.edu]
> Sent: Monday, January 22, 2007 1:36 PM
> To: Metcalf, Roger; openldap-software@openldap.org
> Subject: Re: pesky ppolicy problems
> 
> 
> 
> 
> --On Monday, January 22, 2007 1:08 PM -0500 "Metcalf, Roger" <roger.metcalf@acs-inc.com> wrote:
> 
> > I am trying to use the ppolicy overlay.  I've searched, read and
> > experimented and can't get it to work.
> > I've read other similar postings with similar problems but haven't found
> > the one with the answer.
> >
> > My OpenLDAP knowledge is intermediate.
> >
> > I download 2.3.27, then build it:
> 
> Why 2.3.27?  2.3.32 is the current stable release.
> 
> Plus there have been fixes since 2.3.27:
> 
> OpenLDAP 2.3.30 Release (2006/11/14)
> 	Fixed slapo-ppolicy external quality check (ITS#4741)
> 
> 
> OpenLDAP 2.3.29 Release (2006/11/10)
> 	Fixed slapo-ppolicy leaks (ITS#4665)
> 
> OpenLDAP 2.3.28 Release (2006/10/21)
> 	Fixed slapo-ppolicy pwdChangedTime behavior (ITS#4692)
> 
> 
> 
> As for your questions:
> 
> Questions:
> 
> 1) Where is ppolicy.la located?
> 
> Well, if it's a dynamic module, then in $lib/openldap:
> 
> ldap00:/usr/local/lib/openldap> ls -l ppol*
> lrwxrwxrwx  1 root root     21 Nov 13 22:38 ppolicy-2.3.so.0 -> ppolicy-2.3.so.0.2.16*
> -rwxr-xr-x  1 root root 102169 Nov  8 21:49 ppolicy-2.3.so.0.2.16*
> -rwxr-xr-x  1 root root    909 Nov  8 21:49 ppolicy.la*
> lrwxrwxrwx  1 root root     21 Nov 13 22:38 ppolicy.so -> ppolicy-2.3.so.0.2.16*
> 
> 2) Does it need to be loaded?
> 
> Yes, if it is a dynamic module.
> 
> 3) Where is the path to it specified?
> 
> Via the "modulepath" directive in slapd.conf:
> 
> # Load dynamic backend modules:
> modulepath      /usr/local/lib/openldap
> moduleload      back_hdb.la
> moduleload      back_monitor.la
> 
> 
> 4) When are moduleload specs needed?
> 
> Not sure what you mean here.
> 
> 5) Are env variables needed to find ppolicy.la?
> 
> No.
> 
> 6) What's the secret?
> 
> Reading the man pages and other documentation.
> 
> 7) When will the book be published?
> 
> Howard is currently working on writing it.
> 
> --Quanah
> 
> --
> Quanah Gibson-Mount
> Principal Software Developer
> ITS/Shared Application Services
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
>
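
Added example, not part of either message and not OpenLDAP project code: a small Python check of the lookup the quoted reply describes, resolving each moduleload name against the modulepath directories and noting overlays that have no matching moduleload. The function names, the temporary directory and the sample configuration are constructed for illustration, and module names are taken literally, as the thread writes them (ppolicy.la).

```python
import os
import tempfile

def check_modules(conf_text):
    """Resolve moduleload names against modulepath, as slapd.conf(5) describes."""
    search_dirs, loads, overlays = [], [], []
    for raw in conf_text.splitlines():
        parts = raw.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1]
        if key == "modulepath":
            search_dirs = value.split(":")      # colon-separated directory list
        elif key == "moduleload":
            loads.append(value)
        elif key == "overlay":
            overlays.append(value)

    resolved, missing = {}, []
    for name in loads:
        # Absolute names are used as-is; others are searched for in modulepath.
        if os.path.isabs(name):
            candidates = [name]
        else:
            candidates = [os.path.join(d, name) for d in search_dirs]
        # os.path.exists() follows symlinks, so a dangling link counts as missing.
        hit = next((c for c in candidates if os.path.exists(c)), None)
        if hit:
            resolved[name] = hit
        else:
            missing.append(name)

    # Overlays with no matching moduleload only work if compiled into slapd.
    stems = {os.path.basename(n).split(".")[0] for n in loads}
    static_needed = [o for o in overlays if o not in stems]
    return resolved, missing, static_needed

def demo():
    """Constructed sample: one real module file, one dangling link."""
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "ppolicy.la"), "w").close()
        os.symlink("back_hdb-2.3.so.0", os.path.join(d, "back_hdb.la"))
        conf = (f"modulepath {d}\nmoduleload ppolicy.la\n"
                "moduleload back_hdb.la\ndatabase bdb\n"
                "overlay ppolicy\noverlay syncprov\n")
        return check_modules(conf)

if __name__ == "__main__":
    print(demo())
```

An overlay reported in static_needed is not an error by itself; it only means slapd must have that overlay compiled in rather than loaded as a module.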