On Mon, Jan 22, 2007 at 04:27:19PM -0500, Metcalf, Roger wrote:
> Thanks for the quick response! I'm using 2.3.27 because it was The Stable
> Release when I started this.
> I'll move to the latest stable release after I get ppolicy figured out.
>
> I want dynamic modules, so I changed my enable-ppolicy to be "mod" --
> <snip >
>
> In slapd.conf I set the module path:
>
> modulepath /usr/sbin/openldap
> moduleload ppolicy.la
> <snip>
> overlay ppolicy
> ppolicy_default "cn=Standard Policy,ou=Policies,c=us"
> ppolicy_hash_cleartext
> ppolicy_use_lockout
>
> Still I get:
>
> [root openldap-2.3.27]# /etc/init.d/ldap start
> Checking configuration files for : WARNING: No dynamic config
> support for overlay ppolicy.
> config file testing succeeded
> Starting slapd: FAILED
> [root openldap-2.3.27]#

I get this problem with 2.3.30 (Debian) when I do the same thing for unique
as well. Seems like the only way to get slapd to start without coughing its
guts up is:

1. add the module load statement before the backend statement
2. use overlay in the database section
3. ignore the warning about dynamic configuration!

Plus I was having trouble inserting my default policy as well, until I
matched it up with organizationalRole; seems like pwdPolicy did not like
being with inetorgperson.

>
> Shouldn't this work now?
>
> I attach my slapd.conf, mostly vanilla in this version, and I've removed
> commented lines for your convenience.
> How's it look?
>
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/acs.schema
> include /etc/openldap/schema/ppolicy.schema
>
> pidfile /var/lib/ldap/run/slapd.pid
> argsfile /var/lib/ldap/run/slapd.args
>
> modulepath /usr/sbin/openldap
> moduleload ppolicy.la
>
> database bdb
> suffix "c=US"
> rootdn "cn=Manager, c=US"
> rootpw secret
>
> directory /var/lib/ldap/openldap-data
>
> index objectClass eq,pres
> index ou,cn,mail,surname,givenname eq,pres,sub
> index uidNumber,gidNumber,loginShell eq,pres
> index uid,memberUid eq,pres,sub
> index nisMapName,nisMapEntry eq,pres,sub
> loglevel 256
>
> overlay ppolicy
>
> ppolicy_default "cn=Standard Policy,ou=Policies,c=us"
> ppolicy_hash_cleartext
> ppolicy_use_lockout
>
>
> Thanks,
> Roger
>
>
> > -----Original Message-----
> > From: Quanah Gibson-Mount [mailto:quanah@stanford.edu]
> > Sent: Monday, January 22, 2007 1:36 PM
> > To: Metcalf, Roger; openldap-software@openldap.org
> > Subject: Re: pesky ppolicy problems
> >
> >
> >
> > --On Monday, January 22, 2007 1:08 PM -0500 "Metcalf, Roger"
> > <roger.metcalf@acs-inc.com> wrote:
> >
> > > I am trying to use the ppolicy overlay. I've searched, read and
> > > experimented and can't get it to work.
> > > I've read other similar postings with similar problems but haven't found
> > > the one with the answer.
> > >
> > > My OpenLDAP knowledge is intermediate.
> > >
> > > I download 2.3.27, then build it:
> >
> > Why 2.3.27? 2.3.32 is the current stable release.
> >
> > Plus there have been fixes since 2.3.27:
> >
> > OpenLDAP 2.3.30 Release (2006/11/14)
> > Fixed slapo-ppolicy external quality check (ITS#4741)
> >
> >
> > OpenLDAP 2.3.29 Release (2006/11/10)
> > Fixed slapo-ppolicy leaks (ITS#4665)
> >
> > OpenLDAP 2.3.28 Release (2006/10/21)
> > Fixed slapo-ppolicy pwdChangedTime behavior (ITS#4692)
> >
> >
> >
> > As for your questions:
> >
> > Questions:
> >
> > 1) Where is ppolicy.la located?
> >
> > Well, if it's a dynamic module, then in $lib/openldap:
> >
> > ldap00:/usr/local/lib/openldap> ls -l ppol*
> > lrwxrwxrwx 1 root root 21 Nov 13 22:38 ppolicy-2.3.so.0 -> ppolicy-2.3.so.0.2.16*
> > -rwxr-xr-x 1 root root 102169 Nov 8 21:49 ppolicy-2.3.so.0.2.16*
> > -rwxr-xr-x 1 root root 909 Nov 8 21:49 ppolicy.la*
> > lrwxrwxrwx 1 root root 21 Nov 13 22:38 ppolicy.so -> ppolicy-2.3.so.0.2.16*
> >
> > 2) Does it need to be loaded?
> >
> > Yes, if it is a dynamic module.
> >
> > 3) Where is the path to it specified?
> >
> > Via the "modulepath" directive in slapd.conf:
> >
> > # Load dynamic backend modules:
> > modulepath /usr/local/lib/openldap
> > moduleload back_hdb.la
> > moduleload back_monitor.la
> >
> >
> > 4) When are moduleload specs needed?
> >
> > Not sure what you mean here.
> >
> > 5) Are env variables needed to find ppolicy.la?
> >
> > No.
> >
> > 6) What's the secret?
> >
> > Reading the man pages and other documentation.
> >
> > 7) When will the book be published?
> >
> > Howard is currently working on writing it.
> >
> > --Quanah
> >
> > --
> > Quanah Gibson-Mount
> > Principal Software Developer
> > ITS/Shared Application Services
> > Stanford University
> > GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
> >
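
The ordering rules from the reply above (moduleload before the backend/database statement, overlay inside a database section), written as a small slapd.conf checker. This is an added example, not code from the thread or from the OpenLDAP project; the function names and both sample configs are constructed, and it assumes overlays are built as dynamic modules whose file name matches the overlay name (ppolicy.la for ppolicy).

```python
import re

# Constructed sample: overlay placed globally and ahead of its moduleload.
SAMPLE_BAD = """\
overlay ppolicy
database bdb
moduleload ppolicy.la
"""

# Constructed sample laid out the way the reply describes.
SAMPLE_GOOD = """\
modulepath /usr/sbin/openldap
moduleload ppolicy.la
database bdb
overlay ppolicy
"""

def directives(text):
    """Yield (lineno, keyword, args); a line starting with whitespace continues the previous one."""
    logical = []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1][1] += " " + raw.strip()
        else:
            logical.append([n, raw.strip()])
    for n, line in logical:
        key, *rest = line.split(None, 1)
        yield n, key.lower(), rest[0] if rest else ""

def check_order(text):
    """Return (lineno, module, finding) tuples for directives that break the reply's ordering rules."""
    loaded, findings, past_backend, in_db = set(), [], False, False
    for n, key, args in directives(text):
        if key in ("backend", "database"):
            past_backend, in_db = True, in_db or key == "database"
        elif key == "moduleload" and args:
            # Assumption: the module file is named after the overlay (ppolicy.la -> ppolicy).
            mod = re.sub(r"\.(la|so)$", "", args.split()[0].rsplit("/", 1)[-1])
            loaded.add(mod)
            if past_backend:
                findings.append((n, mod, "moduleload after backend/database statement"))
        elif key == "overlay" and args:
            name = args.split()[0]
            if name not in loaded:
                findings.append((n, name, "no moduleload before overlay"))
            if not in_db:
                findings.append((n, name, "overlay outside a database section"))
    return findings
```
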