
Re: invalid syntax on pwdPolicy object add



On 13.09.2010 10:30, Julien Vehent wrote:
> Hello all,
> 
> I'm trying to add a default password policy to my directory. I have set
> the following parameters in slapd.conf:
> 
> ----
> include         /etc/ldap/schema/ppolicy.schema
> [...]
> moduleload      ppolicy
> [...]
> backend         hdb
> database        hdb
> suffix          "dc=example,dc=net"
> [...]
> # Password policy
> overlay ppolicy
> ppolicy_default "cn=defaultpwpolicy,ou=policies,dc=example,dc=net"
> ----
> 
> I have created the OU 'policies' just fine, but when I try to add a
> pwdPolicy object, I get the following error:
> 
> ----
> # ldapadd -x -D cn=admin,dc=example,dc=net -W << EOF
> dn: cn=defaultpwpolicy,ou=policies,dc=example,dc=net
> objectClass: pwdPolicy
> objectClass: top
> pwdAttribute: userPassword
> pwdAllowUserChange: TRUE
> pwdInHistory: 2
> pwdMaxFailure: 10
> pwdLockout: TRUE
> pwdLockoutDuration: 1800
> pwdMinLength: 6
> EOF
> Enter LDAP Password:
> adding new entry "cn=defaultpwpolicy,ou=policies,dc=example,dc=net"
> ldap_add: Invalid syntax (21)
>        additional info: objectClass: value #0 invalid per syntax
> ----
> 
> The schema is properly loaded, the ppolicy.so module is in the path (i.e.,
> /usr/lib/ldap on Debian). So, I'm out of ideas. Anything I've missed here?
> 
> Thanks for your help,
> Julien
> 

Hi,

pwdPolicy is an auxiliary objectClass. You have to use it in conjunction
with a structural objectClass. Look at the example from the admin guide:

<http://www.openldap.org/doc/admin24/overlays.html#Password%20Policies>


Regards,
Christian Manal
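
The reply's point, that pwdPolicy is auxiliary and has to sit next to a structural objectClass, as an added example (not part of the original thread or of OpenLDAP): the policy entry from the question with a structural class, plus a pre-flight check for LDIF entries that lack one. The choice of `device`, the `STRUCTURAL` list and the function names are assumptions made for this illustration.

```shell
# Hand-picked subset of structural classes from core.schema (assumption:
# the server loads core.schema). Extend it to match your own schema set.
STRUCTURAL="person organizationalRole device organizationalUnit"

# The policy entry from the question with a structural class added.
# 'device' requires only cn, which also supplies the RDN attribute that
# pwdPolicy on its own does not allow.
policy_ldif() {
cat <<'EOF'
dn: cn=defaultpwpolicy,ou=policies,dc=example,dc=net
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: defaultpwpolicy
pwdAttribute: userPassword
pwdAllowUserChange: TRUE
pwdInHistory: 2
pwdMaxFailure: 10
pwdLockout: TRUE
pwdLockoutDuration: 1800
pwdMinLength: 6
EOF
}

# Read LDIF on stdin (entries separated by blank lines) and print the DN of
# every entry that names no class from $STRUCTURAL. Attribute and class
# names are compared case-insensitively. Limitation: folded lines and
# base64 "dn::" values are not decoded.
missing_structural() {
    awk -v list="$STRUCTURAL" '
        BEGIN { n = split(tolower(list), s, " "); for (i = 1; i <= n; i++) ok[s[i]] = 1 }
        function report() { if (dn != "" && !found) print dn; dn = ""; found = 0 }
        /^[ \t]*$/ { report(); next }
        tolower($1) == "dn:" { dn = $0; sub(/^[^:]*:[ \t]*/, "", dn) }
        tolower($1) == "objectclass:" && (tolower($2) in ok) { found = 1 }
        END { report() }'
}

# Typical use, once the check prints nothing:
#   policy_ldif | ldapadd -x -D cn=admin,dc=example,dc=net -W
```
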