Check password module/ppolicy problem on Solaris 10 (2.4.21 OL sources) server
- To: openldap-technical@openldap.org
- Subject: Check password module/ppolicy problem on Solaris 10 (2.4.21 OL sources) server
- From: "Jose G. Torres" <jogeedaklown@yahoo.com>
- Date: Mon, 22 Feb 2010 08:03:36 -0800 (PST)
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1266854617; bh=SD8C/P8LDfH4YSVd/z+8ZPvYwKr6cc9W8DYGXtUbUm4=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=0L/JgR/1kPKDQ6WJHhf/8crC24m80r8Ez8Fg4pCnb/X9/D7r52Er552Ch4uFtqpto4fG3WIFWiqAqt/ulT2G6TaT7bLl5w1ke4W6+aAa/FyGZN/CW1zdJ+5waJee9uWWPcu0Zph1ry91Cnt8fAPOh7mBvBIFb8hoN25kxL0pV9U=
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=ToYxewZdL6QQGIuP+aOQkz6N+SYmNpxABUTrpIoFhRvyaonVlhEjgzNd5J9Uvo1wKrzOq0NhnZRx7WriZJ94rvRYdag0uuwcw1bbQI6lSHhHXvnr6Cyn1Q+KLTwipcyiFuVlvq7jZk+sp5mKxHyfyv8W6uDw6PcLydTL8E8bUow=;
Hello everyone!,
I am trying to get my solaris 10 openldap 2.4.21 server to use my check_password.so module using the ppolicy overlay. When I try to change a user's
password from a linux client, I get the following error message.
passwd ldapuser
Changing password for ldapuser.
Enter login(LDAP) password:
New Password:
Reenter New Password:
LDAP password information update failed: Constraint violation
Password fails quality checking policy
passwd: Permission denied
Within
my logs, I do not see any error messages from my check_password.so
module. I created the directory /opt/openldap/etc/openldap/modules and
placed my module in that directory and I added the modulepath in my
slapd.conf.
Is there something I missed? Is this a PAM thing? I know this setup works on an OpenSUSE 11.2 openldap server. Help.
I included part of my slapd.conf, openldap configure, check_password.c source, makefile and ldd of my check_password.so.
Thanks!!!!
Jose Torres
openldap configure
******************
CC=/usr/sfw/bin/gcc CPPFLAGS=-I/opt/openldap/include \
LDFLAGS="-L/opt/openldap/lib -R/opt/openldap/lib" \
./configure --prefix=/opt/openldap --with-tls \
--enable-spasswd --enable-crypt --with-gnu-ld \
--enable-ppolicy --enable-modules --enable-dynamic
slapd.conf:
**********
# Schema file that defines the password policy object classes and attributes.
include /opt/openldap/etc/openldap/schema/ppolicy.schema
# Add password policies.
# Directory that slapd searches for dynamically loadable modules.
modulepath /opt/openldap/etc/openldap/modules
# Enable the password policy overlay.
# NOTE(review): an overlay applies to the database section it appears in; that
# section is not part of this excerpt - confirm the placement.
overlay ppolicy
# DN of the policy entry used for accounts that have no pwdPolicySubentry of
# their own.
# NOTE(review): the quality checker library is selected by the pwdCheckModule
# attribute of that policy entry (together with pwdCheckQuality), not by a
# slapd.conf directive; the entry is not shown here - confirm both are set.
ppolicy_default "cn=default,ou=policies,dc=caci,dc=ymp,dc=com"
# Return the AccountLocked code in the password policy response when a bind
# hits a locked account. slapo-ppolicy(5) notes that this confirms the lock
# state to whoever is guessing passwords, so security-sensitive sites are
# advised to leave it off.
ppolicy_use_lockout
I tried ppolicy_clear_txt, but I still have the same problem.
check_password.c:
****************
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include "portable.h"
#include "slap.h"
/*
 * Module initialisation entry point. This checker keeps no state, so there
 * is nothing to set up; the function only reports success (0).
 */
int init_module()
{
    const int status_ok = 0;

    return status_ok;
}
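/*
 * Password quality hook called by the ppolicy overlay.
 *
 * Rejects a candidate password that contains a space, or that lacks at least
 * one ASCII punctuation character, one digit, or one ASCII capital letter.
 *
 * pPasswd   candidate password (cleartext); NULL is treated as empty.
 * ppErrStr  on rejection, receives a malloc()ed message describing the last
 *           rule that failed; left untouched on success or if the allocation
 *           fails. NOTE(review): the caller is presumed to release this
 *           buffer - confirm against the ppolicy overlay in use.
 * pEntry    entry whose password is being changed; not used by these rules.
 *
 * Returns 0 when the password is acceptable, 1 when it is rejected.
 *
 * The password is only scanned in place: it is never copied, tokenised or
 * written to a log, so no cleartext duplicate is left behind on the heap.
 */
int check_password(char *pPasswd, char **ppErrStr, Entry *pEntry)
{
    static const char special[] = "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~";
    static const char number[] = "1234567890";
    static const char CAPS[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    const char *pw = (pPasswd != NULL) ? pPasswd : "";
    const char *failure = NULL;

    (void)pEntry;

    /* Every rule is evaluated; when several fail, the last one is reported. */
    if (strchr(pw, ' ') != NULL) {
        failure = "******** CHECKPW: Password contains SPACES! ********";
    }

    /*
     * strpbrk() answers "does the string contain any of these characters"
     * directly. It needs no scratch copy, has no hidden static state, and
     * returns NULL (rather than crashing) for an empty password or one made
     * up entirely of characters from the set.
     */
    if (strpbrk(pw, special) == NULL) {
        failure = "******** CHECKPW: Password does not contain any special characters! ********";
    }

    if (strpbrk(pw, number) == NULL) {
        failure = "******** CHECKPW: Password does not contain any numbers! ********";
    }

    /* The capital-letter rule must scan for CAPS, not for digits again. */
    if (strpbrk(pw, CAPS) == NULL) {
        failure = "******** CHECKPW: Password does not contain any CAPITAL LETTERS! ********";
    }

    if (failure == NULL) {
        return 0;
    }

    if (ppErrStr != NULL) {
        size_t len = strlen(failure) + 1;
        char *message = malloc(len);

        /* Still reject the password if the message cannot be allocated. */
        if (message != NULL) {
            memcpy(message, failure, len);
            *ppErrStr = message;
        }
    }

    return 1;
}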
Makefile:
*********
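# Builds the check_password quality-checker module as a shared object.
# NOTE(review): the module is loaded into the slapd process, so it should be
# compiled against the headers of the slapd build that will load it - confirm
# that -I../../include and -I. point at that source tree.

.PHONY: clean

# Libraries are listed after the object file so the linker resolves the
# object's references against them.
check_password.so: check_password.o
	gcc -shared -o check_password.so check_password.o -L/opt/openldap/lib -lldap

check_password.o: check_password.c
	gcc -fpic -I../../include -I. -c check_password.c

# -f keeps "make clean" from failing when nothing has been built yet.
clean:
	rm -f check_password.so check_password.o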
It seems to find the right libraries.
$ ldd modules/check_password.so
libldap-2.4.so.2 => /opt/openldap/lib/libldap-2.4.so.2
libgcc_s.so.1 => /usr/sfw/lib/libgcc_s.so.1
liblber-2.4.so.2 => /opt/openldap/lib/liblber-2.4.so.2
libresolv.so.2 => /usr/lib/libresolv.so.2
libgen.so.1 => /usr/lib/libgen.so.1
libnsl.so.1 => /usr/lib/libnsl.so.1
libsocket.so.1 => /usr/lib/libsocket.so.1
libsasl.so.1 => /usr/lib/libsasl.so.1
libssl.so.0.9.7 => /usr/sfw/lib/libssl.so.0.9.7
libcrypto.so.0.9.7 => /usr/sfw/lib/libcrypto.so.0.9.7
libc.so.1 => /usr/lib/libc.so.1
libmp.so.2 => /usr/lib/libmp.so.2
libmd.so.1 => /usr/lib/libmd.so.1
libscf.so.1 => /usr/lib/libscf.so.1
libdoor.so.1 => /usr/lib/libdoor.so.1
libuutil.so.1 => /usr/lib/libuutil.so.1
libssl_extra.so.0.9.7 => /usr/sfw/lib/libssl_extra.so.0.9.7
libcrypto_extra.so.0.9.7 => /usr/sfw/lib/libcrypto_extra.so.0.9.7
libm.so.2 => /usr/lib/libm.so.2