Configuring ppolicy problem
- To: openldap-technical@openldap.org
- Subject: Configuring ppolicy problem
- From: cbulist <cbulist@gmail.com>
- Date: Mon, 27 Aug 2012 16:30:15 -0500
Hi,
I'm trying to configure ppolicy but it's not working when I set
pwdMaxAge and pwdWarning (I am able to log in when my password is supposed
to be expired).
I tried with shadowAccount instead of PwdPolicy and it is working well.
This is my relevant setting in slapd.conf:
include /etc/openldap/schema/ppolicy.schema
moduleload ppolicy.la
overlay ppolicy
ppolicy_default "cn=default,ou=policies,dc=sample,dc=com"
ppolicy_use_lockout
My LDIF file is:
objectClass: organizationalUnit
objectClass: top
ou: policies

dn: cn=default,ou=policies,dc=sample,dc=com
objectClass: pwdPolicy
objectClass: person
objectClass: top
cn: default
pwdAttribute: userPassword
sn: dummy
pwdAllowUserChange: TRUE
pwdCheckQuality: 2
pwdExpireWarning: 50
pwdFailureCountInternal: 30
pwdGraceAuthNLimit: 5
pwdInHistory: 5
pwdLockout: FALSE
pwdLockDuration:0
pwdMaxAge: 60
pwdMaxAge: 0
pwdMaxFailure: 5
pwdMinAge: 0
pwdMinLenght: 5
pwdMustChange: FALSE
pwdSafeModify: FALSE

dn: cn=user1,ou=policies,dc=sample,dc=com
objectClass: pwdPolicy
objectClass: person
objectClass: top
objectClass: posixAccount
objectClass: pwdPolicy
objectClass: shadowAccount
cn: user1
pwdAttribute: userPassword
gidNumber: 501
homeDirectory: /home/user1
sn: test
uid: user1
uidNumber: 501
pwdAllowUserChange: TRUE
pwdAge: 20
pwdExpireWarning: 15
userPassword: XXXXX
Thanks in advance!
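
Added example (not part of the original message, and not OpenLDAP code): a small lint that checks the attribute names of a pwdPolicy LDIF entry against the attribute types of the pwdPolicy object class and reports repeated single-valued settings. The attribute list is assumed to match the ppolicy.schema shipped with OpenLDAP 2.4; the sample is a constructed subset of the default policy entry above, and `lint_policy` is a hypothetical helper name.

```python
import difflib

# Attribute types of the pwdPolicy object class (assumed: OpenLDAP 2.4
# ppolicy.schema); all but pwdAttribute are declared SINGLE-VALUE.
POLICY_ATTRS = [
    "pwdAttribute", "pwdMinAge", "pwdMaxAge", "pwdInHistory",
    "pwdCheckQuality", "pwdMinLength", "pwdExpireWarning",
    "pwdGraceAuthNLimit", "pwdLockout", "pwdLockoutDuration",
    "pwdMaxFailure", "pwdFailureCountInterval", "pwdMustChange",
    "pwdAllowUserChange", "pwdSafeModify",
]
CANONICAL = {a.lower(): a for a in POLICY_ATTRS}
# Non-policy names this lint accepts (assumption: enough for a policy entry).
OTHER_ATTRS = {"dn", "objectclass", "cn", "sn"}

# Constructed sample: a subset of the default policy entry from the post.
SAMPLE = """\
dn: cn=default,ou=policies,dc=sample,dc=com
objectClass: pwdPolicy
objectClass: person
cn: default
sn: dummy
pwdAttribute: userPassword
pwdExpireWarning: 50
pwdFailureCountInternal: 30
pwdLockDuration:0
pwdMaxAge: 60
pwdMaxAge: 0
pwdMinLenght: 5
"""

def lint_policy(ldif_entry):
    """Report unknown attribute names (with the closest schema name) and
    repeated single-valued policy attributes in one unfolded LDIF entry."""
    unknown, duplicate, seen = {}, [], set()
    for line in ldif_entry.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name = line.partition(":")[0].strip()
        key = name.lower()  # LDAP attribute names are case-insensitive
        if key in CANONICAL:
            if key in seen and key != "pwdattribute" and CANONICAL[key] not in duplicate:
                duplicate.append(CANONICAL[key])
            seen.add(key)
        elif key not in OTHER_ATTRS:
            close = difflib.get_close_matches(key, list(CANONICAL), n=1)
            unknown[name] = CANONICAL[close[0]] if close else None
    return {"unknown": unknown, "duplicate": duplicate}

if __name__ == "__main__":
    print(lint_policy(SAMPLE))
```

The draft behind ppolicy.schema measures pwdMaxAge and pwdExpireWarning in seconds, so after the names are settled the values deserve the same review.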