Hi Roland,

We solved the CRYPT-SHA512 question, thank you! It was just kinda
misleading that TreeView does not support SHA512 ;)

We are still facing the syntax issue though.

The ppolicy schema is loaded and we added the module and overlay.

Module:
# module{1}, config
dn: cn=module{1},cn=config
objectClass: olcModuleList
cn: module{1}
olcModulePath: /usr/lib64/openldap
olcModuleLoad: {0}ppolicy.la


Overlay:
# {1}ppolicy, {2}bdb, config
dn: olcOverlay={1}ppolicy,olcDatabase={2}bdb,cn=config
objectClass: olcPPolicyConfig
olcOverlay: {1}ppolicy


We were able to add a password policy via LDIF files, but the
pwdAttribute didn't get "userPassword" and had to be given the OID. It
seems like that is the problem with LAM. It tries to fill "pwdAttribute"
with "userPassword" but fails to do so.

Also, after adding the password policy via LDIFs we configured a user to
use it, but it had no effect, such as lockouts or minimum password length...

I hope you can follow me :D


Thanks and best regards!

Mirko


On 02.09.2017 10:09, Roland Gruber wrote:
> Hi Mirko,
>
> On 01.09.2017 09:03, Mirko Keiner wrote:
>> on our LDAP Server we set CRYPT-SHA512 Hashes via .ldif-Files. This
>> works fine so far. Question is: How do we configure LAM to use
>> CRYPT-SHA512 when a user tries to reset his Password via the SelfService
>> Page? Also in the TreeView we can set a Password with CRYPT, but not
>> CRYPT-SHA512.
> the hash method can be selected in server and self service profile
> settings. See tab module settings and then Unix. Here you can select
> CRYPT-SHA512 as hash type.
> Please note that this needs to be configured separately for self service
> and admin pages.
>
> Tree view currently does not support CRYPT-SHA512.
>
>
>> We activated the ppolicy module, but when I try to create a Password
>> Policy I get the following Error Message:
>>
>> "LDAP error, server says: Invalid syntax - pwdAttribute: value #0
>> invalid per syntax"
> Did you install the PPolicy schema? PPolicy requires activating a
> module on the LDAP server side and installing its LDAP schema.
>
> http://www.zytrax.com/books/ldap/ch6/ppolicy.html
>
>
> Best regards
>
> Roland
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
> _______________________________________________
> Lam-public mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/lam-public

-- 
Mirko Keiner
Linux - Systemadministrator

surfmedia.de

Email: [email protected]
Phone: +494023706181
Web:   http://www.surfmedia.de

Attachment: signature.asc
Description: OpenPGP digital signature
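
Added example, not part of the original mail and not LAM or OpenLDAP code: a small Python check that walks the chain this thread is about (ppolicy module loaded, overlay on the database, pwdPolicy entry with a valid pwdAttribute, policy assigned to the user) over an LDIF export. The cn=config entries are trimmed from the post; the policy and user entries, their DNs and the function names are constructed for illustration.

```python
USERPASSWORD_OID = "2.5.4.35"  # OID of the userPassword attribute type
USER = "uid=jdoe,ou=people,dc=example,dc=com"  # constructed sample user
# cn=config entries trimmed from the post; policy and user entries are constructed.
SAMPLE_LDIF = """\
dn: cn=module{1},cn=config
objectClass: olcModuleList
olcModuleLoad: {0}ppolicy.la

dn: olcOverlay={1}ppolicy,olcDatabase={2}bdb,cn=config
objectClass: olcPPolicyConfig

dn: cn=default,ou=policies,dc=example,dc=com
objectClass: pwdPolicy
pwdAttribute: 2.5.4.35

dn: uid=jdoe,ou=people,dc=example,dc=com
pwdPolicySubentry: cn=default,ou=policies,dc=example,dc=com
"""

def parse_ldif(text):
    """Parse plain LDIF (no base64 values) into dicts; names and values lowercased."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):  # unfold, then split entries
        entry = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry.setdefault(attr.strip().lower(), []).append(value.strip().lower())
        entries.append(entry)
    return [e for e in entries if "dn" in e]

def check_ppolicy(entries, user_dn):
    """Return a list of problems that would keep a policy from applying to user_dn."""
    findings = []
    if not any("ppolicy" in v for e in entries for v in e.get("olcmoduleload", [])):
        findings.append("ppolicy module is not loaded")
    overlays = [e for e in entries if "olcppolicyconfig" in e.get("objectclass", [])]
    if not overlays:
        findings.append("no ppolicy overlay on any database")
    policies = {e["dn"][0]: e for e in entries if "pwdpolicy" in e.get("objectclass", [])}
    for dn, pol in policies.items():
        attr = pol.get("pwdattribute", [""])[0]
        if attr not in ("userpassword", USERPASSWORD_OID):
            findings.append(f"{dn}: pwdAttribute {attr!r} is not userPassword")
    default = [v for o in overlays for v in o.get("olcppolicydefault", [])]
    user = next((e for e in entries if e["dn"][0] == user_dn.lower()), {})
    assigned = user.get("pwdpolicysubentry", []) or default  # DNs compared as plain strings
    if not assigned or assigned[0] not in policies:
        findings.append(f"{user_dn}: no existing policy via pwdPolicySubentry or olcPPolicyDefault")
    return findings
```

pwdPolicySubentry is an operational attribute, so an export has to request it by name (or with '+') for the check to see it. slapd enforces no policy for an entry that has neither pwdPolicySubentry nor a default policy set on the overlay.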
