GordonJB's picture


I'm trying to enable the password policy on the Turnkey LDAP server, I have the following configuration:
# default, policies, example.local
dn: cn=default,ou=policies,dc=example,dc=local
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: default
pwdCheckModule: check_password.so
pwdAttribute: userPassword
pwdMinAge: 604800
pwdMaxAge: 3629000
pwdExpireWarning: 604800
pwdInHistory: 12
pwdCheckQuality: 2
pwdMinLength: 8
pwdMaxFailure: 6
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdGraceAuthNLimit: 0
pwdFailureCountInterval: 0
pwdMustChange: TRUE
pwdAllowUserChange: TRUE
pwdSafeModify: FALSE
Trying to add it into the LDAP server results in the following error:
adding new entry "cn=default,ou=policies,dc=example,dc=local"
ldap_add: Invalid syntax (21)
        additional info: objectClass: value #2 invalid per syntax
which is the pwdPolicy object.
My /usr/share/slapd/slapd.conf includes the following config:
include         /etc/ldap/schema/ppolicy.schema
moduleload      ppolicy.la
overlay ppolicy
ppolicy_default "cn=default,ou=policies,dc=example,dc=local"
I've also made sure /usr/lib/ldap/ppolicy.la and /etc/ldap/schema/ppolicy.schema exist.
Has anyone had any luck getting ppolicy configured on Turnkey? Is there an important step I'm missing?
Thanks guys,

Add new comment