LinuxQuestions.org


frndrfoe 03-29-2010 02:32 PM

openldap ppolicy in RHEL5
 
I am having trouble starting ldap when calling a default policy.

This is a RHEL5.4 machine running the latest openldap server from Redhat.
openldap-servers-2.3.43-3.el5
openldap-servers-overlays-2.3.43-3.el5

The server runs fine with calling the ppolicy schema, loading the module, and calling the overlay in the database definition. It fails when I add the ppolicy_default line in the database definition.

slapd.conf - decruffed
Code:

include        /etc/openldap/schema/core.schema
include        /etc/openldap/schema/cosine.schema
include        /etc/openldap/schema/inetorgperson.schema
include        /etc/openldap/schema/nis.schema
include        /etc/openldap/schema/ppolicy.schema
include        /etc/openldap/schema/RADIUS-LDAPv3.schema

allow bind_v2

pidfile        /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

modulepath      /usr/lib/openldap

moduleload ppolicy.la

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database        bdb
suffix          "dc=example,dc=com"
overlay ppolicy
#ppolicy_default 田n=default,ou=policies,dc=example,dc=com"

rootdn          "cn=Manager,dc=example,dc=com"
rootpw                  {SSHA}************************

directory      /var/lib/ldap

# Indices to maintain for this database
index objectClass                      eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                    eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

After adding the old database content and making sure it was fine...
I added policy.ldif:
Code:

dn: ou=policies,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: policies

and then the default policy:
Code:

dn: cn=default,ou=policies,dc=example,dc=com
cn: default
objectClass: pwdPolicy
objectClass: person
objectClass: top
pwdAllowUserChange: TRUE
pwdAttribute: userPassword
pwdCheckQuality: 2
pwdExpireWarning: 600
pwdFailureCountInterval: 300
pwdGraceAuthNLimit: 5
pwdInHistory: 5
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdMaxAge: 0
pwdMaxFailure: 5
pwdMinAge: 0
pwdMinLength: 7
pwdMustChange: TRUE
pwdSafeModify: FALSE
sn: dummy value

results for # slapd -u ldap -g ldap -f /etc/openldap/slapd.conf -d -1
Code:

line 88 (overlay ppolicy)
line 89 (ppolicy_default 田n=default,ou=policies,dc=example,dc=com")
>>> dnPrettyNormal: <田n=default,ou=policies,dc=example,dc=com>
=> ldap_bv2dn(田n=default,ou=policies,dc=example,dc=com,0)
ldap_err2string
<= ldap_bv2dn(田n=default,ou=policies,dc=example,dc=com)=-4 Decoding error
ldap_err2string
/etc/openldap/slapd.conf: line 89: <ppolicy_default> invalid DN 21 (Invalid syntax)
slapd destroy: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.


I am checking here because it is usually much faster than Redhat support.

frndrfoe 03-30-2010 09:23 AM

Ticket submitted with Red Hat.

frndrfoe 04-01-2010 12:56 PM

Pasted what was disguised as a double quote - syntax!
Code:

ppolicy_default 田n=default
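
The failure in this thread, a pasted non-ASCII character standing in for the opening `"` of the DN, can be caught before slapd is started. The following is an added example, not part of the original thread: the names `scan_config` and `LOOKALIKES` are hypothetical, the sample config is constructed, and the stray character is assumed to be a typographic left double quote stored as Windows-1252 or UTF-8.

```python
import unicodedata

# Typographic characters that word processors and web pages substitute for ASCII.
LOOKALIKES = {
    "\u201c": '"', "\u201d": '"', "\u201e": '"',   # curly double quotes
    "\u2018": "'", "\u2019": "'",                  # curly single quotes
    "\u2013": "-", "\u2014": "-",                  # en and em dash
    "\u00a0": " ",                                 # no-break space
}

def decode_line(raw):
    """Decode as UTF-8, then Windows-1252, then Latin-1 (assumed encodings)."""
    for enc in ("utf-8", "cp1252"):
        try:
            return raw.decode(enc)
        except UnicodeDecodeError:
            continue
    return raw.decode("latin-1")  # never fails; maps every byte to a code point

def scan_config(data):
    """Return (line, column, unicode_name, ascii_fix) for each non-ASCII
    character on a non-comment line of a slapd.conf-style file (bytes in)."""
    findings = []
    for lineno, raw in enumerate(data.splitlines(), start=1):
        if raw.isascii() or raw.lstrip().startswith(b"#"):
            continue  # pure ASCII, or a comment that slapd ignores
        for col, ch in enumerate(decode_line(raw), start=1):
            if ord(ch) > 127:
                name = unicodedata.name(ch, "UNKNOWN")
                findings.append((lineno, col, name, LOOKALIKES.get(ch)))
    return findings

# Constructed sample: the database section from the post with the
# ppolicy_default line enabled and a pasted curly quote opening the DN.
SAMPLE = (
    'database        bdb\n'
    'suffix          "dc=example,dc=com"\n'
    'overlay ppolicy\n'
    'ppolicy_default \u201ccn=default,ou=policies,dc=example,dc=com"\n'
).encode("cp1252")

if __name__ == "__main__":
    for lineno, col, name, fix in scan_config(SAMPLE):
        print(f"line {lineno}, col {col}: {name}; replace with {fix!r}")
```
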

