Old 11-13-2012, 03:00 PM   #1
melive
LQ Newbie
 
Registered: Sep 2012
Location: Bogotá - Colombia
Posts: 10

how to enable or disable users with ppolicy OpenLDAP


I need a way to disable an LDAP user in OpenLDAP. I'm following this answer:
http://www.openldap.org/lists/openld.../msg00107.html

In my slapd.conf I have the next inf...

include /etc/openldap/schema/ppolicy.schema
moduleload ppolicy.la
overlay ppolicy
ppolicy_default "cn=default,ou=pwpolicies,dc=prueba,dc=co"


Also I have this entry...

dn: cn=user,ou=pwpolicies,dc=prueba,dc=co
objectClass: pwdPolicy
objectClass: top
objectClass: person
pwdAttribute: 2.5.4.35
cn: user
pwdMaxAge: 604800
pwdInHistory: 3
pwdMaxFailure: 3
pwdLockout: TRUE
pwdMustChange: TRUE
pwdMinLength: 10
pwdSafeModify: TRUE


Now I'm trying to add:

dn: cn=pepito,cn=Users,dc=prueba,dc=co
changetype: modify
add: pwdPolicySubentry
pwdPolicy: cn=user,ou=pwpolicies,dc=prueba,dc=co


and the result is:


modifying entry "cn=pepito,cn=Users,dc=prueba,dc=co"
ldapadd: Undefined attribute type (17)
additional info: pwdPolicy: attribute type undefined


I tried "pwdPolicySubentry" instead of "pwdPolicy" too, but it doesn't work.

In my ppolicy.schema file I have uncommented the pwdAccountLockedTime and the pwdPolicySubentry attributetypes but nothing is working.

Does anybody know what I can do? Again... please help!

Last edited by melive; 11-13-2012 at 03:04 PM.
 
Old 11-14-2012, 03:49 AM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,773

Hi,

Have a look at the 2nd example here for a per user ppolicy entry.

Regards
 
Old 11-14-2012, 09:17 AM   #3
melive
LQ Newbie
 
Registered: Sep 2012
Location: Bogotá - Colombia
Posts: 10

Original Poster
Thanks for your reply...

Yes, I have followed this example too, but the problem is when I try to add this entry:

dn: cn=pepito,cn=Users,dc=prueba,dc=co
changetype: modify
add: pwdPolicySubentry
pwdPolicy: cn=user,ou=pwpolicies,dc=prueba,dc=co

This is the last step in the example that you mention, I don't know what to do to solve the error.
 
Old 11-14-2012, 11:55 AM   #4
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,773

Are you sure you're using slapd.conf or the new cn=config DIT? New versions of openldap use the cn=config approach.
In this case you need to convert the ppolicy.schema into an olcoverlay ppolicy ldif. Maybe this and/or this (under "Import Schemata") could be of help.

Regards
 
Old 11-16-2012, 09:21 AM   #5
melive
LQ Newbie
 
Registered: Sep 2012
Location: Bogotá - Colombia
Posts: 10

Original Poster
Thanks!

You are right, I was modifying slapd.conf but my OpenLDAP configuration was taking the slapd.d conf, so I deleted slapd.d and then OpenLDAP took my slapd.conf configuration.

However, I was getting an error in:

dn: cn=pepito,cn=Users,dc=prueba,dc=co
changetype: modify
add: pwdPolicySubentry
pwdPolicy: cn=user,ou=pwpolicies,dc=prueba,dc=co

So I uncommented the pwdPolicySubentry and pwdAccountLockedTime attributes from ppolicy.schema and I used pwdPolicySubentry instead of pwdPolicy; I also deleted the line "MUST ( pwdAttribute )" from the pwdPolicy objectclass.
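
Added example, not part of the thread or of OpenLDAP: a small Python lint for the mismatch in the record above, where the `add:` line names pwdPolicySubentry but the value line says pwdPolicy. RFC 2849 requires every value line in a modify record to repeat the attribute named by its add/delete/replace line; the function name `lint_modify` and the corrected record, including the pwdAccountLockedTime value that slapo-ppolicy(5) documents as a permanent lock, are constructed here.

```python
"""Lint LDIF modify records before they are sent with ldapmodify."""

# Record as posted in the thread: 'add:' and the value line disagree.
AS_POSTED = """\
dn: cn=pepito,cn=Users,dc=prueba,dc=co
changetype: modify
add: pwdPolicySubentry
pwdPolicy: cn=user,ou=pwpolicies,dc=prueba,dc=co
"""

# Constructed: the same change with the attribute repeated, plus an
# administrative lock (000001010000Z per slapo-ppolicy(5)).
CORRECTED = """\
dn: cn=pepito,cn=Users,dc=prueba,dc=co
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=user,ou=pwpolicies,dc=prueba,dc=co
-
replace: pwdAccountLockedTime
pwdAccountLockedTime: 000001010000Z
"""

MOD_OPS = {"add", "delete", "replace"}

def lint_modify(ldif):
    """Return (line_number, message) for each value line that does not
    repeat the attribute named by the preceding add/delete/replace line."""
    problems = []
    current = None        # attribute named by the active mod-spec
    in_modify = False
    for num, line in enumerate(ldif.splitlines(), start=1):
        if not line.strip():              # blank line ends the record
            current, in_modify = None, False
        elif line[0] in "# ":             # comment or folded continuation
            continue
        elif line == "-":                 # end of one mod-spec
            current = None
        else:
            name, _, value = line.partition(":")
            value = value.lstrip(":<").strip()   # also 'attr:: b64', 'attr:< url'
            key = name.lower()
            if key == "changetype":
                in_modify = value.lower() == "modify"
            elif in_modify and current is None and key in MOD_OPS:
                current = value
            elif in_modify and current is not None and key != current.lower():
                problems.append(
                    (num, f"value line uses '{name}' but mod-spec names '{current}'"))
    return problems
```
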
 
  

