Open LDAP password policy

GordonJB

Hi,
 
I'm trying to enable the password policy on the Turnkey LDAP server, I have the following configuration:
 
# default, policies, example.local
dn: cn=default,ou=policies,dc=example,dc=local
objectClass: top
objectClass: device
objectClass: pwdPolicy
# pwdCheckModule is an attribute of the auxiliary class pwdPolicyChecker
objectClass: pwdPolicyChecker
cn: default
pwdCheckModule: check_password.so
pwdAttribute: userPassword
pwdMinAge: 604800
pwdMaxAge: 3629000
pwdExpireWarning: 604800
pwdInHistory: 12
pwdCheckQuality: 2
pwdMinLength: 8
pwdMaxFailure: 6
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdGraceAuthNLimit: 0
pwdFailureCountInterval: 0
pwdMustChange: TRUE
pwdAllowUserChange: TRUE
pwdSafeModify: FALSE
 
Trying to add it into the LDAP server results in the following error:
 
adding new entry "cn=default,ou=policies,dc=example,dc=local"
ldap_add: Invalid syntax (21)
        additional info: objectClass: value #2 invalid per syntax

which is the pwdPolicy object.
 
 
My /usr/share/slapd/slapd.conf includes the following config:
 
include         /etc/ldap/schema/ppolicy.schema
moduleload      ppolicy.la
...
overlay ppolicy
ppolicy_default "cn=default,ou=policies,dc=example,dc=local"
ppolicy_use_lockout
ppolicy_hash_cleartext
 
I've also made sure /usr/lib/ldap/ppolicy.la and /etc/ldap/schema/ppolicy.schema exist.
 
 
Has anyone had any luck getting ppolicy configured on Turnkey? Is there an important step I'm missing?
 
 
Thanks guys,
 
Gordon
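As an added example (not from the forum post, TurnKey or the OpenLDAP project), the following Python script parses a pwdPolicy LDIF entry offline and reports the problems slapd would reject (missing pwdPolicy or pwdAttribute, pwdCheckModule without the pwdPolicyChecker auxiliary class, wrong integer or boolean syntax) as well as operational consequences an operator should know about before deploying (permanent lockout with pwdLockoutDuration 0, a failure counter that only resets on a successful bind, inconsistent age values). It embeds the poster's entry as constructed sample input, with pwdPolicyChecker added because pwdCheckModule belongs to that class; the attribute syntaxes assumed are those of the stock OpenLDAP 2.4 ppolicy.schema.

```python
"""Offline sanity checks for an OpenLDAP ppolicy (pwdPolicy) LDIF entry."""
from __future__ import annotations

# Constructed sample: the policy entry from the post, with the pwdPolicyChecker
# auxiliary class that pwdCheckModule belongs to.
SAMPLE_LDIF = """\
dn: cn=default,ou=policies,dc=example,dc=local
objectClass: top
objectClass: device
objectClass: pwdPolicy
objectClass: pwdPolicyChecker
cn: default
pwdCheckModule: check_password.so
pwdAttribute: userPassword
pwdMinAge: 604800
pwdMaxAge: 3629000
pwdExpireWarning: 604800
pwdInHistory: 12
pwdCheckQuality: 2
pwdMinLength: 8
pwdMaxFailure: 6
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdGraceAuthNLimit: 0
pwdFailureCountInterval: 0
pwdMustChange: TRUE
pwdAllowUserChange: TRUE
pwdSafeModify: FALSE
"""

# Attribute syntaxes as defined in the stock OpenLDAP 2.4 ppolicy.schema
# (assumption: the server loads that schema file unchanged).
INTEGER_ATTRS = ("pwdMinAge", "pwdMaxAge", "pwdInHistory", "pwdCheckQuality",
                 "pwdMinLength", "pwdExpireWarning", "pwdGraceAuthNLimit",
                 "pwdLockoutDuration", "pwdMaxFailure", "pwdFailureCountInterval")
BOOLEAN_ATTRS = ("pwdLockout", "pwdMustChange", "pwdAllowUserChange", "pwdSafeModify")


def parse_ldif(text: str) -> dict[str, list[str]]:
    """Parse one LDIF entry into {attribute (lower-cased): [values]}; skips
    comments and blank lines and joins RFC 2849 continuation lines."""
    logical: list[str] = []
    for raw in text.splitlines():
        if raw.startswith("#") or not raw.strip():
            continue
        if raw.startswith(" ") and logical:   # continuation of the previous line
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    entry: dict[str, list[str]] = {}
    for line in logical:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry


def _first_int(entry: dict[str, list[str]], name: str) -> int | None:
    vals = entry.get(name.lower(), [])
    return int(vals[0]) if vals and vals[0].isdigit() else None


def check_policy(entry: dict[str, list[str]]) -> list[str]:
    """Return findings for a pwdPolicy entry; an empty list means it looks sound."""
    out: list[str] = []
    classes = {c.lower() for c in entry.get("objectclass", [])}
    # Schema-level problems: slapd rejects the add outright.
    if "pwdpolicy" not in classes:
        out.append("objectClass pwdPolicy missing")
    if "pwdattribute" not in entry:
        out.append("pwdAttribute missing (the only MUST attribute of pwdPolicy)")
    if "pwdcheckmodule" in entry and "pwdpolicychecker" not in classes:
        out.append("pwdCheckModule needs objectClass pwdPolicyChecker (object class violation)")
    for name in INTEGER_ATTRS:
        for v in entry.get(name.lower(), []):
            if not v.isdigit():
                out.append(f"{name}={v!r} is not a non-negative integer")
    for name in BOOLEAN_ATTRS:
        for v in entry.get(name.lower(), []):
            if v not in ("TRUE", "FALSE"):
                out.append(f"{name}={v!r} must be TRUE or FALSE")
    # Operational consequences: accepted by slapd, but an operator should know.
    if entry.get("pwdlockout", ["FALSE"])[0] == "TRUE" and _first_int(entry, "pwdLockoutDuration") == 0:
        out.append("pwdLockoutDuration 0: locked accounts stay locked until an admin clears pwdAccountLockedTime")
    if _first_int(entry, "pwdMaxFailure") and _first_int(entry, "pwdFailureCountInterval") == 0:
        out.append("pwdFailureCountInterval 0: the failure counter is only reset by a successful bind")
    min_age, max_age = _first_int(entry, "pwdMinAge"), _first_int(entry, "pwdMaxAge")
    if min_age and max_age and min_age >= max_age:
        out.append("pwdMinAge >= pwdMaxAge: the password expires before the user may change it")
    warn = _first_int(entry, "pwdExpireWarning")
    if warn and max_age and warn >= max_age:
        out.append("pwdExpireWarning must be smaller than pwdMaxAge")
    return out


if __name__ == "__main__":
    print("\n".join(check_policy(parse_ldif(SAMPLE_LDIF)) or ["no findings"]))
```

Run as-is it checks the embedded entry (two operational findings for the posted values: permanent lockout and a failure counter that never decays); swap in the contents of your own LDIF to check a different policy. Whether the running slapd actually knows the pwdPolicy object class is a separate question the script cannot answer offline: `ldapsearch -x -s base -b cn=subschema objectClasses` lists the object classes the live server has loaded, and pwdPolicy must appear there before the add can succeed.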
