ppolicy: invalid value for attributeType pwAttribute -- for "userPassword"
- To: OpenLDAP Software List <openldap-software@openldap.org>
- Subject: ppolicy: invalid value for attributeType pwAttribute -- for "userPassword"
- From: Chris Shenton <chris.shenton@nasa.gov>
- Date: Fri, 22 Feb 2008 17:53:53 -0500
- User-agent: Thunderbird 2.0.0.9 (X11/20080219)
I'm running 2.3.39 and using ppolicy to enforce our password policy.

Got an LDIF file:

    dn: cn=npg2810,ou=policies,dc=nasascience,dc=nasa,dc=gov
    cn: npg2810
    objectClass: top
    objectClass: pwdPolicy
    objectClass: organizationalRole
    objectClass: pwdPolicyChecker
    description: OpenLDAP ppolicy to implement NPG2810-like restrictions
    pwdAttribute: userPassword

When I try to slapadd it, I get an error indicating it doesn't like
"userPassword":

    sudo sbin/slapadd -l ldifs/6_policies.ldif
    str2entry: invalid value for attributeType pwdAttribute #0 (syntax 1.3.6.1.4.1.1466.115.121.1.38)
    slapadd: could not parse entry (line=51)

The ppolicy.schema file says:

    #5.2.1 pwdAttribute
    #
    # This holds the name of the attribute to which the password policy is
    # applied. For example, the password policy may be applied to the
    # userPassword attribute.
    attributetype ( 1.3.6.1.4.1.42.2.27.8.1.1
        NAME 'pwdAttribute'
        EQUALITY objectIdentifierMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )

And my slapd.conf includes ppolicy.schema in addition to core.schema,
cosine.schema, and inetorgperson.schema.

Oddly, replacing the "userPassword" value with a random number, like
"42" or "3.14159" causes no error.

I cannot find userPassword defined in any of the schemas, though it is
commented out in core.schema. If I uncomment it from core.schema it
complains that it's a dupe:

    sbin/slapadd -l ldifs/6_policies.ldif
    schema/core.schema: line 244: Duplicate attributeType: "2.5.4.35"
    slapadd: bad configuration file!

What am I missing?

Thanks.
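
A pre-flight check for the situation in the message above, as an added example (not from the original post or the OpenLDAP project): it scans an LDIF for OID-syntax attributes such as pwdAttribute whose value is a name rather than a dotted number, which is the shape slapadd rejected here. The function names, the loose numeric pattern (chosen to match the "42" and "3.14159" results reported above) and the sample LDIF are assumptions made for illustration; 2.5.4.35 is the OID shown for userPassword in the duplicate-attribute error.

```python
import re

# Loose dotted-decimal form: accepts "42" and "3.14159", the values the post
# reports slapadd accepting (an assumption for this sketch, not slapd's code).
NUMERIC_OID = re.compile(r"^\d+(\.\d+)*$")
OID_SYNTAX_ATTRS = {"pwdattribute"}  # syntax 1.3.6.1.4.1.1466.115.121.1.38
KNOWN_OIDS = {"userpassword": "2.5.4.35"}  # OID slapadd printed in the post


def unfold(ldif_text):
    """Yield (line_number, logical_line), joining LDIF continuation lines."""
    current, start = None, 0
    for num, raw in enumerate(ldif_text.splitlines(), 1):
        if raw.startswith(" ") and current is not None:
            current += raw[1:]  # a fold is newline + exactly one space
            continue
        if current is not None:
            yield start, current
        current, start = raw, num
    if current is not None:
        yield start, current


def lint_oid_values(ldif_text):
    """Return findings for OID-syntax attributes holding a non-numeric value."""
    findings, dn = [], None
    for num, line in unfold(ldif_text):
        attr, sep, value = line.partition(":")
        if not sep or line.startswith("#") or value.startswith(":"):
            continue  # blank line, comment, or base64 ("::") value
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            dn = value
        elif attr in OID_SYNTAX_ATTRS and not NUMERIC_OID.match(value):
            findings.append({"line": num, "dn": dn, "value": value,
                             "suggest": KNOWN_OIDS.get(value.lower())})
    return findings


# Constructed sample modelled on the entry in the post, with one line folded.
SAMPLE_LDIF = """\
dn: cn=npg2810,ou=policies,dc=nasascience,dc=nasa,dc=gov
objectClass: pwdPolicy
description: OpenLDAP ppolicy to implement
  NPG2810-like restrictions
pwdAttribute: userPassword
"""

if __name__ == "__main__":
    print(lint_oid_values(SAMPLE_LDIF))
```

The reported line number is the physical line where the flagged attribute starts, so it can be matched against the `line=` value in a slapadd parse error for the same file.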