I read the entry in Chapter 6
http://www.zytrax.com/books/ldap/ch6/ppolicy.html#examples
regarding setting the Password Policy Control.
I have installed OpenLDAP through Cygwin. OpenLDAP is version 2.3.43.
I created my db and included the Password Policy control schema, but I am getting the following error when I try to load my default and user policies:
$ ldapadd -H ldap://localhost:666 -x -D "cn=Manager,dc=zes_example,dc=com" -w secret -f /etc/openldap/data/ppolicy.ldif
adding new entry "ou=pwdpolicies,dc=zes_example,dc=com"
adding new entry "cn=default,ou=pwdpolicies,dc=zes_example,dc=com"
ldapadd: Object class violation (65)
additional info: no structural object class provided
Any idea? Do I need to add the password policy (ldif file) before I give the directive in slapd.conf?
-----------------------------------------
The policy.ldif:
dn: ou=pwdpolicies,dc=zes_example,dc=com
ou: pwdpolicies
description: All password Policies
objectclass: organizationalunit

# Default Password Policy
dn: cn=default,ou=pwdpolicies,dc=zes_example,dc=com
objectClass: pwdPolicy
cn: default
# User can change his/her password
pwdAllowUserChange: TRUE
# Return warning to bind attempt (seconds) -- 3 days
pwdExpireWarning: 259200
# Interval in seconds to reset failure pwd count
pwdFailureCountInterval: 100
# Do not allow to bind on expired passwords
pwdGraceAuthNLimit: 0
# Reject any password changes in this list
pwdInHistory: 3
# Lock out account when user tries more than x attempts using invalid password
pwdLockout: TRUE
# Do not allow the system to unlock the account
pwdLockoutDuration: 0
# Consecutive # of failure attempts
pwdMaxFailure: 5
# How long the password lasts before user has to change it (seconds) -- 90 days
pwdMaxAge: 7776000
# Password length
pwdMinLength: 6
The commands in my slapd.conf are:
…
include /etc/openldap/schema/ppolicy.schema
… (not sure if I need the next line)
loadmodule ppolicy.la
# invokes password policies for this DIT only
overlay ppolicy
# Default ppolicy
ppolicy_default "cn=default,ou=pwdpolicies,dc=zes_example,dc=com"
# Some ppolicy directives
ppolicy_use_lockout
Gisella Saavedra
Sr. Software Engineer
gsaavedra@zebra.com
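Added example, not code from the post or from OpenLDAP: a small Python checker that parses an LDIF file and flags entries with no structural object class or a missing MUST attribute, using a hand-copied subset of core.schema and ppolicy.schema (pwdPolicy is AUXILIARY and MUST carry pwdAttribute). Run against a constructed copy of the posted policy entry it reports the same "no structural object class provided" condition as ldapadd, and passes once a structural class and pwdAttribute are added.

```python
# Hand-copied subset of core.schema / ppolicy.schema, enough for the entries
# discussed here: class name (lowercased) -> (kind, attributes the class MUST carry)
SCHEMA = {
    "organizationalunit": ("STRUCTURAL", {"ou"}),
    "person":             ("STRUCTURAL", {"sn", "cn"}),
    "pwdpolicy":          ("AUXILIARY",  {"pwdattribute"}),
}

def parse_ldif(text):
    """Split LDIF text into entries (dict attr-lowercased -> [values]). Blank lines
    separate entries, '#' lines are comments, a leading space folds a long value."""
    entries, cur, prev = [], {}, None
    for raw in text.splitlines() + [""]:        # trailing "" flushes the last entry
        if raw.startswith(" ") and prev:
            cur[prev][-1] += raw[1:]
        elif raw.startswith("#"):
            continue
        elif not raw.strip():
            if cur:
                entries.append(cur)
            cur, prev = {}, None
        else:
            attr, _, value = raw.partition(":")
            prev = attr.strip().lower()
            cur.setdefault(prev, []).append(value.strip())
    return entries

def check_entry(entry):
    """Problems slapd would reject this entry for (empty list = acceptable)."""
    problems = []
    classes = [c.lower() for c in entry.get("objectclass", [])]
    if not any(SCHEMA.get(c, ("",))[0] == "STRUCTURAL" for c in classes):
        problems.append("no structural object class provided")   # LDAP result 65
    for c in classes:
        for must in sorted(SCHEMA.get(c, ("", set()))[1]):
            if must not in entry:
                problems.append(f"{c}: missing required attribute {must}")
    return problems

def check_ldif(text):
    """Map each entry's dn to its list of problems."""
    return {e["dn"][0]: check_entry(e) for e in parse_ldif(text)}

# Constructed sample: the policy entry as posted (auxiliary class only), and a
# corrected version adding a structural class plus the pwdAttribute MUST.
POSTED = """dn: cn=default,ou=pwdpolicies,dc=zes_example,dc=com
objectClass: pwdPolicy
cn: default
"""
FIXED = POSTED + "objectClass: person\nsn: default\npwdAttribute: userPassword\n"
```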