Re: Ppolicy issues

[Tony Earnshaw <tonni@hetnet.nl>]

Bryan Payne skrev, on 20-02-2008 16:10:

> Thank you for your help. I added the pwdPolicySubentry to a user to no 
> avail. I did find this in the logfile though:
>
> Feb 20 09:01:13 ldapserver slapd[6709]: conn=95289 op=4 SEARCH RESULT 
> tag=101 err=50 nentries=0 text=Operations are restricted to 
> bind/unbind/abandon/StartTLS/modify password
>
> So it looks like it's trying to do something but cannot. While I'm 
> concerned about password strength, I'm more concerned (at this point) 
> with just having the machine prompt for a password change. I'm running 
> centos 4.6 and openldap 2.3.39. I compiled it with the following:
>
> ./configure --enable-crypt --enable-ppolicy --with-tls 
> --prefix=/opt/openldap/
>
> Once again, thanks for any help.

I'd strongly advise you to chuck out your self-built 2.3.39 and install 
the rpms at http://staff.telkomsa.net/packages/rhel4/openldap/$basearch. 
You need both libldap and openldap.

Shouldn't be difficult if you install to /opt (you an old Solaris 
person? Or other SYSV?) These will install to LFH locations; however, 
being rpms you can always chuck them off again if they don't please 
(which they will ;) ).

Then take it again from the beginning. These are Buchan Milne's rpms and 
have their own discrete, patched db4 4.2.52 which will not conflict with 
the db4 4.2.52 which you have from CentOS. Moreover everything including 
sonames is named differently from Red Hat's, so it all takes a bit of 
getting used to. But when you have, you'll never look back.

Best,

--Tonni

--
Tony Earnshaw
Email: tonni at hetnet dot nl