LinuxQuestions.org
Old 03-29-2010, 02:32 PM   #1
frndrfoe
openldap ppolicy in RHEL5


I am having trouble starting ldap when calling a default policy.

This is a RHEL5.4 machine running the latest openldap server from Red Hat.
openldap-servers-2.3.43-3.el5
openldap-servers-overlays-2.3.43-3.el5

The server runs fine with calling the ppolicy schema, loading the module, and calling the overlay in the database definition. It fails when I add the ppolicy_default line in the database definition.

slapd.conf - decruffed
Code:
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/ppolicy.schema
include         /etc/openldap/schema/RADIUS-LDAPv3.schema

allow bind_v2

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

modulepath      /usr/lib/openldap

moduleload ppolicy.la

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database        bdb
suffix          "dc=example,dc=com"
overlay ppolicy
#ppolicy_default “cn=default,ou=policies,dc=example,dc=com"

rootdn          "cn=Manager,dc=example,dc=com"
rootpw                  {SSHA}************************

directory       /var/lib/ldap

# Indices to maintain for this database
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
After adding the old database content and making sure it was fine...
I added policy.ldif:
Code:
dn: ou=policies,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: policies
and then the default policy:
Code:
dn: cn=default,ou=policies,dc=example,dc=com
cn: default
objectClass: pwdPolicy
objectClass: person
objectClass: top
pwdAllowUserChange: TRUE
pwdAttribute: userPassword
pwdCheckQuality: 2
pwdExpireWarning: 600
pwdFailureCountInterval: 300
pwdGraceAuthNLimit: 5
pwdInHistory: 5
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdMaxAge: 0
pwdMaxFailure: 5
pwdMinAge: 0
pwdMinLength: 7
pwdMustChange: TRUE
pwdSafeModify: FALSE
sn: dummy value
results for # slapd -u ldap -g ldap -f /etc/openldap/slapd.conf -d -1
Code:
line 88 (overlay ppolicy)
line 89 (ppolicy_default “cn=default,ou=policies,dc=example,dc=com")
>>> dnPrettyNormal: <“cn=default,ou=policies,dc=example,dc=com>
=> ldap_bv2dn(“cn=default,ou=policies,dc=example,dc=com,0)
ldap_err2string
<= ldap_bv2dn(“cn=default,ou=policies,dc=example,dc=com)=-4 Decoding error
ldap_err2string
/etc/openldap/slapd.conf: line 89: <ppolicy_default> invalid DN 21 (Invalid syntax)
slapd destroy: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.

I am checking here because it is usually much faster than Red Hat support.
 
Old 03-30-2010, 09:23 AM   #2
frndrfoe
Ticket submitted with Red Hat.
 
Old 04-01-2010, 12:56 PM   #3
frndrfoe
Pasted what was disguised as a double quote - syntax!
Code:
ppolicy_default “cn=default
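
Added example, not part of the original thread: a pre-flight check that scans slapd.conf bytes for typographic quotes and other non-ASCII characters of the kind behind the "invalid DN" error above, and proposes an ASCII-only version. The function names and the sample config are constructed for illustration; the cp1252 fallback assumes the text was pasted from a Windows-encoded source.

```python
import unicodedata

# Typographic look-alikes and the ASCII character slapd.conf expects.
LOOKALIKES = {
    "\u201c": '"', "\u201d": '"', "\u201e": '"',
    "\u2018": "'", "\u2019": "'",
    "\u00a0": " ", "\u2013": "-", "\u2014": "-",
}

def decode_config(raw: bytes) -> str:
    """Decode as UTF-8; fall back to cp1252, where 0x93/0x94 are curly quotes."""
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return raw.decode("cp1252", errors="replace")

def scan_slapd_conf(raw: bytes):
    """Return (findings, cleaned_text). Each finding is
    (line_no, column, codepoint, unicode_name, suggested_ascii_or_None)."""
    findings, cleaned = [], []
    for line_no, line in enumerate(decode_config(raw).splitlines(), start=1):
        out = []
        for col, ch in enumerate(line, start=1):
            if ord(ch) < 128:
                out.append(ch)
                continue
            fix = LOOKALIKES.get(ch)
            findings.append((line_no, col, f"U+{ord(ch):04X}",
                             unicodedata.name(ch, "UNKNOWN"), fix))
            # Characters with no known ASCII twin are reported but left alone.
            out.append(fix if fix is not None else ch)
        cleaned.append("".join(out))
    return findings, "\n".join(cleaned)

# Constructed sample: line 3 opens the DN with U+201C instead of ASCII '"'.
SAMPLE = ('database        bdb\n'
          'overlay ppolicy\n'
          'ppolicy_default \u201ccn=default,ou=policies,dc=example,dc=com"\n')

if __name__ == "__main__":
    for raw in (SAMPLE.encode("utf-8"), SAMPLE.encode("cp1252")):
        findings, fixed = scan_slapd_conf(raw)
        for line_no, col, cp, name, fix in findings:
            print(f"line {line_no}, col {col}: {cp} {name} -> {fix!r}")
        print(fixed.splitlines()[2])
```

Running a check like this before restarting slapd catches the problem without needing a `-d -1` debug trace, and a clean result means the ppolicy_default line can stay enabled rather than commented out.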
 
  

