GordonJB - Tue, 2012/12/11 - 13:12
Hi,
I'm trying to enable the password policy on the Turnkey LDAP server. I have the following configuration:
# default, policies, example.local
dn: cn=default,ou=policies,dc=example,dc=local
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: default
pwdCheckModule: check_password.so
pwdAttribute: userPassword
pwdMinAge: 604800
pwdMaxAge: 3629000
pwdExpireWarning: 604800
pwdInHistory: 12
pwdCheckQuality: 2
pwdMinLength: 8
pwdMaxFailure: 6
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdGraceAuthNLimit: 0
pwdFailureCountInterval: 0
pwdMustChange: TRUE
pwdAllowUserChange: TRUE
pwdSafeModify: FALSE
Trying to add it into the LDAP server results in the following error:
adding new entry "cn=default,ou=policies,dc=example,dc=local"
ldap_add: Invalid syntax (21)
additional info: objectClass: value #2 invalid per syntax
which is the pwdPolicy object.
My /usr/share/slapd/slapd.conf includes the following config:
include /etc/ldap/schema/ppolicy.schema
moduleload ppolicy.la
...
overlay ppolicy
ppolicy_default "cn=default,ou=policies,dc=example,dc=local"
ppolicy_use_lockout
ppolicy_hash_cleartext
I've also made sure /usr/lib/ldap/ppolicy.la and /etc/ldap/schema/ppolicy.schema exist.
Has anyone had any luck getting ppolicy configured on Turnkey? Is there an important step I'm missing?
Thanks guys,
Gordon
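An added example, not part of the original post: OpenLDAP reports "objectClass: value #N invalid per syntax" when the Nth objectClass value of the entry (counted from zero) is not defined in the schema the running server has loaded. This Python check compares the entry's objectClass values with the output of `ldapsearch -x -s base -b cn=subschema objectClasses`; the subschema dump below is constructed and assumes a server on which ppolicy.schema is not loaded.

```python
import re

# Constructed sample of `ldapsearch -x -s base -b cn=subschema objectClasses`
# output, assuming a server where ppolicy.schema is not loaded. The second
# value is folded the way ldapsearch wraps long lines (leading space).
SUBSCHEMA = """\
objectClasses: ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
objectClasses: ( 2.5.6.14 NAME 'device' SUP top STRUCTURAL MUST cn MAY ( seria
 lNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
"""

# The entry from the post, trimmed to the lines that matter here.
ENTRY = """\
dn: cn=default,ou=policies,dc=example,dc=local
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: default
pwdAttribute: userPassword
"""

def unfold(ldif):
    # LDIF continuation lines begin with one space; join them to the line above.
    return re.sub(r"\r?\n ", "", ldif)

def known_object_classes(subschema_ldif):
    names = set()
    for line in unfold(subschema_ldif).splitlines():
        if not line.lower().startswith("objectclasses:"):
            continue
        # NAME is either 'one' or ( 'several' 'aliases' ).
        m = re.search(r"NAME\s+(?:'([^']+)'|\(([^)]*)\))", line)
        if m:
            found = [m.group(1)] if m.group(1) else re.findall(r"'([^']+)'", m.group(2))
            names.update(n.lower() for n in found)
    return names

def unknown_object_classes(entry_ldif, subschema_ldif):
    # Returns (index, name) pairs, zero-based like slapd's "value #N".
    known = known_object_classes(subschema_ldif)
    values = [v.strip() for a, sep, v in
              (l.partition(":") for l in unfold(entry_ldif).splitlines())
              if sep and a.strip().lower() == "objectclass"]
    return [(i, oc) for i, oc in enumerate(values) if oc.lower() not in known]

if __name__ == "__main__":
    for i, oc in unknown_object_classes(ENTRY, SUBSCHEMA):
        print(f"objectClass: value #{i} ({oc}) is not in the server's loaded schema")
```

To run it against a real server, replace `SUBSCHEMA` with the saved output of the ldapsearch command above.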