RE: pesky ppolicy problems
Thanks for the quick response! I'm using 2.3.27 because it was The Stable Release when I started this.
I'll move to the latest stable release after I get ppolicy figured out.

I want dynamic modules, so I changed my enable-ppolicy to be "mod" --

env LIBS="-L/usr/bin" \
./configure \
--prefix=/usr/local \
--libdir=/usr/local/lib \
--sbindir=/usr/sbin \
--libexecdir=/usr/sbin \
--sysconfdir=/etc \
--localstatedir=/var/lib/ldap \
--enable-modules=yes \
--enable-ppolicy=mod &&
make depend &&
make

The make/install process displayed:

make[3]: Entering directory `/usr/local/src/openldap-2.3.27/servers/slapd/overlays'
../../../build/shtool install -c -m 755 .libs/ppolicy-2.3.so.0.2.15 /usr/sbin/openldap/ppolicy-2.3.so.0.2.15
(cd /usr/sbin/openldap && { ln -s -f ppolicy-2.3.so.0.2.15 ppolicy-2.3.so.0 || { rm -f ppolicy-2.3.so.0 && ln -s ppolicy-2.3.so.0.2.15 ppolicy-2.3.so.0; }; })
(cd /usr/sbin/openldap && { ln -s -f ppolicy-2.3.so.0.2.15 ppolicy.so || { rm -f ppolicy.so && ln -s ppolicy-2.3.so.0.2.15 ppolicy.so; }; })
../../../build/shtool install -c -m 755 .libs/ppolicy.lai /usr/sbin/openldap/ppolicy.la
PATH="$PATH:/sbin" ldconfig -n /usr/sbin/openldap

That looked like what I need. In /usr/sbin/openldap I now find:

lrwxrwxrwx 1 root root 21 Jan 22 14:51 ppolicy-2.3.so.0 -> ppolicy-2.3.so.0.2.15
-rwxr-xr-x 1 root root 85722 Jan 22 14:51 ppolicy-2.3.so.0.2.15
-rwxr-xr-x 1 root root 836 Jan 22 14:51 ppolicy.la
lrwxrwxrwx 1 root root 21 Jan 22 14:51 ppolicy.so -> ppolicy-2.3.so.0.2.15

In slapd.conf I set the module path:

modulepath /usr/sbin/openldap
moduleload ppolicy.la
<snip>
overlay ppolicy
ppolicy_default "cn=Standard Policy,ou=Policies,c=us"
ppolicy_hash_cleartext
ppolicy_use_lockout

Still I get:

[root openldap-2.3.27]# /etc/init.d/ldap start
Checking configuration files for : WARNING: No dynamic config support for overlay ppolicy.
config file testing succeeded
Starting slapd: FAILED
[root openldap-2.3.27]#

Shouldn't this work now?

I attach my slapd.conf, mostly vanilla in this version, and I've removed commented lines for your convenience.
How's it look?

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/acs.schema
include /etc/openldap/schema/ppolicy.schema
pidfile /var/lib/ldap/run/slapd.pid
argsfile /var/lib/ldap/run/slapd.args
modulepath /usr/sbin/openldap
moduleload ppolicy.la
database bdb
suffix "c=US"
rootdn "cn=Manager, c=US"
rootpw secret
directory /var/lib/ldap/openldap-data
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
loglevel 256
overlay ppolicy
ppolicy_default "cn=Standard Policy,ou=Policies,c=us"
ppolicy_hash_cleartext
ppolicy_use_lockout

Thanks,
Roger

> -----Original Message-----
> From: Quanah Gibson-Mount [mailto:quanah@stanford.edu]
> Sent: Monday, January 22, 2007 1:36 PM
> To: Metcalf, Roger; openldap-software@openldap.org
> Subject: Re: pesky ppolicy problems
>
>
>
>
> --On Monday, January 22, 2007 1:08 PM -0500 "Metcalf, Roger"
> <roger.metcalf@acs-inc.com> wrote:
>
> > I am trying to use the ppolicy overlay. I've searched, read and
> > experimented and can't get it to work.
> > I've read other similar postings with similar problems but haven't found
> > the one with the answer.
> >
> > My OpenLDAP knowledge is intermediate.
> >
> > I download 2.3.27, then build it:
>
> Why 2.3.27? 2.3.32 is the current stable release.
>
> Plus there have been fixes since 2.3.27:
>
> OpenLDAP 2.3.30 Release (2006/11/14)
> Fixed slapo-ppolicy external quality check (ITS#4741)
>
>
> OpenLDAP 2.3.29 Release (2006/11/10)
> Fixed slapo-ppolicy leaks (ITS#4665)
>
> OpenLDAP 2.3.28 Release (2006/10/21)
> Fixed slapo-ppolicy pwdChangedTime behavior (ITS#4692)
>
>
>
> As for your questions:
>
> Questions:
>
> 1) Where is ppolicy.la located?
>
> Well, if it's a dynamic module, then in $lib/openldap:
>
> ldap00:/usr/local/lib/openldap> ls -l ppol*
> lrwxrwxrwx 1 root root 21 Nov 13 22:38 ppolicy-2.3.so.0 -> ppolicy-2.3.so.0.2.16*
> -rwxr-xr-x 1 root root 102169 Nov 8 21:49 ppolicy-2.3.so.0.2.16*
> -rwxr-xr-x 1 root root 909 Nov 8 21:49 ppolicy.la*
> lrwxrwxrwx 1 root root 21 Nov 13 22:38 ppolicy.so -> ppolicy-2.3.so.0.2.16*
>
> 2) Does it need to be loaded?
>
> Yes, if it is a dynamic module.
>
> 3) Where is the path to it specified?
>
> Via the "modulepath" directive in slapd.conf:
>
> # Load dynamic backend modules:
> modulepath /usr/local/lib/openldap
> moduleload back_hdb.la
> moduleload back_monitor.la
>
>
> 4) When are moduleload specs needed?
>
> Not sure what you mean here.
>
> 5) Are env variables needed to find ppolicy.la?
>
> No.
>
> 6) What's the secret?
>
> Reading the man pages and other documentation.
>
> 7) When will the book be published?
>
> Howard is currently working on writing it.
>
> --Quanah
>
> --
> Quanah Gibson-Mount
> Principal Software Developer
> ITS/Shared Application Services
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
>
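
A pre-start check for the modulepath/moduleload setup discussed in this thread, as an added example that is not part of either poster's message or of OpenLDAP itself: it confirms that each moduleload entry resolves under modulepath and that a libtool .la file names a shared object that actually exists (a dangling symlink counts as missing). The function names, the sample layout and the "last modulepath wins" behaviour are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: verify that every "moduleload" in a slapd.conf resolves under
# "modulepath" and that a libtool .la file points at an existing shared object.
check_modules() {
    conf=$1
    rc=0
    # Assumption: the last modulepath line applies; it may list ':'-separated dirs.
    mpath=$(awk '$1 == "modulepath" { p = $2 } END { print p }' "$conf")
    for mod in $(awk '$1 == "moduleload" { print $2 }' "$conf"); do
        found=
        case $mod in
        /*) if [ -e "$mod" ]; then found=$mod; fi; dirs= ;;  # absolute path
        *)  dirs=$mpath ;;                                   # search modulepath
        esac
        old_ifs=$IFS; IFS=:
        for dir in $dirs; do
            if [ -e "$dir/$mod" ]; then found=$dir/$mod; break; fi
        done
        IFS=$old_ifs
        if [ -z "$found" ]; then
            echo "MISSING  $mod (modulepath: ${mpath:-unset})"; rc=1; continue
        fi
        case $found in
        *.la)
            # libtool archives name the real library in a dlname='...' line.
            dlname=$(sed -n "s/^dlname='\(.*\)'\$/\1/p" "$found")
            if [ -z "$dlname" ] || [ ! -e "${found%/*}/$dlname" ]; then
                echo "BROKEN   $found (dlname '$dlname' not found)"; rc=1; continue
            fi ;;
        esac
        echo "OK       $found"
    done
    return $rc
}

# Constructed sample mirroring the file layout in the post (not the real files).
make_sample() {
    d=$(mktemp -d)
    : > "$d/ppolicy-2.3.so.0.2.15"
    ln -s ppolicy-2.3.so.0.2.15 "$d/ppolicy-2.3.so.0"
    echo "dlname='ppolicy-2.3.so.0'" > "$d/ppolicy.la"
    printf 'modulepath %s\nmoduleload ppolicy.la\n' "$d" > "$d/slapd.conf"
    echo "$d"
}

sample=$(make_sample)
check_modules "$sample/slapd.conf"
rm -rf "$sample"
```

A clean result only rules out a module-resolution problem; it says nothing about why slapd then fails to start.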