Issue #301 has been updated by Hanxin Wu.

File Makefile added
File check_password.c added
File check_password.conf added
File BAH-ppolicy.ldif added
File BAH-user.ldif added

This is the instruction I followed to install Berkeley DB and OpenLDAP:

Install Berkeley DB 4.7.25 with all Latest Patches

Download and extract Berkeley DB 4.7.25 from Oracle into /opt/db-4.7.25 using the following commands:

    cd /opt/
    wget http://download.oracle.com/berkeley-db/db-4.7.25.tar.gz
    tar zxvf db-4.7.25.tar.gz
    cd db-4.7.25

Install patch.4.7.25.1-4 using the following commands:

    wget http://download.oracle.com/berkeley-db/patches/db/4.7.25/patch.4.7.25.1
    wget http://download.oracle.com/berkeley-db/patches/db/4.7.25/patch.4.7.25.2
    wget http://download.oracle.com/berkeley-db/patches/db/4.7.25/patch.4.7.25.3
    wget http://download.oracle.com/berkeley-db/patches/db/4.7.25/patch.4.7.25.4
    patch -p0 < patch.4.7.25.1
    patch -p0 < patch.4.7.25.2
    patch -p0 < patch.4.7.25.3
    patch -p0 < patch.4.7.25.4

Compile and install Berkeley DB 4.7.25 using the following commands:

    cd build_unix/
    ../dist/configure --enable-ppolicy --prefix=/opt/db-4.7.25/db4
    make
    make install

Install OpenLDAP 2.4.21

Download and extract OpenLDAP 2.4.21 into /opt/openldap-2.4.21 using the following commands:

    cd /opt/
    wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-stable/openldap-stable-20100219.tgz
    tar zxvf openldap-stable-20100219.tgz
    cd openldap-2.4.21

Compile and install OpenLDAP 2.4.21 using the following commands:

    export CPPFLAGS="-I/opt/db-4.7.25/db4/include"
    export LDFLAGS="-L/opt/db-4.7.25/db4/lib -R/opt/db-4.7.25/db4/lib"
    export LD_LIBRARY_PATH=/opt/db-4.7.25/build_unix/.libs
    ./configure --prefix=/opt/openldap --enable-ppolicy=mod --enable-modules=yes --enable-dynamic=yes

If errors:

If you see "configure: error: could not locate libtool ltdl.h", run the following commands to install libtool:

    sudo yum install libtool
    cp /usr/share/libtool/libltdl/ltdl.h /usr/include/

If you see "configure: error: could not locate libtool -lltdl", run the following commands:

    cd /usr/share/libtool/libltdl
    ./configure
    make
    make install

If you see "configure: error: Berkeley DB version mismatch", update Berkeley DB.

    make depend
    make
    make test    (this command is optional and tests the build - replication tests will not pass at this point)
    sudo make install

Here are the steps I used to build the check_password module:

I updated the Makefile to match the paths in my environment.
I updated check_password.c to meet my client's requirements.
Copied all files to /opt/check_password/

    cd /opt/check_password/
    make
    make install LIBDIR='/opt/openldap/lib'    (no errors)

Here is the configuration I made:

Updated slapd.conf, ldap.conf, syslog.conf.

In slapd.conf, added the following:

    ......
    include /opt/openldap/etc/openldap/schema/ppolicy.schema
    include /opt/openldap/etc/openldap/schema/BAH.schema
    ......
    modulepath /opt/openldap/libexec/openldap
    moduleload ppolicy.so
    ......
    access to dn.subtree="o=BAH"
        by self write
        by dn.base="[email protected],ou=users,o=BAH" write
        by users read
        by anonymous auth
    ......
    loglevel 256
    logfile /var/log/openldap.log

In ldap.conf, uncommented:

    pam_lookup_policy yes

In /etc/syslog.conf, added:

    local4.* /var/log/openldap.log

I installed Apache Directory Studio to load the LDIF files. The LDIF files for users and ppolicy are attached.

To enforce password policy to kick in on changes, I created a connection to LDAP using the pwd_admin account, which is allowed to change the password of any user.

Problems:

1) It keeps popping up "Password fails quality checking policy" even though I provide a perfect password, e.g. Q!W@E#R$t5y6u7i8

2) No log info found from the check_password module although DEBUG is defined in the Makefile. I can see lots of info from the ppolicy module, e.g.

    Feb 4 17:07:52 bahldap slapd[17074]: conn=1036 op=13 RESULT tag=103 err=19 text=Password is too young to change
    ......
    Feb 4 17:08:17 bahldap slapd[17074]: conn=1036 op=16 RESULT tag=103 err=19 text=Password fails quality checking policy

3) It seems check_password was not kicked in. It returns failure by default.

Questions:

1) How to set up logging for check_password? I added some code in check_password.c, trying to write log info to a file.
But I never see the file being created. I guess the check_password module was never executed.

2) Did you see any problems with the ppolicy and user structure? I was wondering whether the ppolicy applies to everyone or not.

If you need more info, please let me know. Thank you very much.

--
H.Wu from Booz Allen

----------------------------------------
Bug #301: can't make check_password work
http://tools.lsc-project.org/issues/301

Author: Hanxin Wu
Status: New
Priority: Normal
Assigned to:
Category: OpenLDAP check password
Target version:

I have openldap-2.4.21 installed in the latest Red Hat Linux VM. I was trying to make the check_password function work by following the instruction at http://ltb-project.org/wiki/documentation/openldap-ppolicy-check-password. But can never make it. If gurus here are willing to help, I would provide detailed info. Thanks in advance.

_______________________________________________ ltb-dev mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-dev
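
An added example, not part of the original post or of the LTB project's code: per slapo-ppolicy(5), the overlay hands a new password to the module named in pwdCheckModule only when the policy entry carries the pwdPolicyChecker object class, pwdCheckQuality is above 0, and the value arrives in a form the server can inspect; a pre-hashed value is refused outright when pwdCheckQuality is 2. The sketch below checks those preconditions over constructed samples; the function names, DNs and sample values are assumptions made for illustration.

```python
import re

# Constructed samples (illustrative DNs, not the attached files).
SLAPD_CONF = """modulepath /opt/openldap/libexec/openldap
moduleload ppolicy.so
database bdb
suffix "o=BAH"
overlay ppolicy
ppolicy_default "cn=default,ou=policies,o=BAH"
"""
POLICY_LDIF = """dn: cn=default,ou=policies,o=BAH
objectClass: device
objectClass: pwdPolicy
objectClass: pwdPolicyChecker
cn: default
pwdAttribute: userPassword
pwdCheckQuality: 2
pwdCheckModule: check_password.so
"""

def ldif_attrs(ldif):
    """Parse one unfolded, non-base64 LDIF entry into {attr: [values]}."""
    attrs = {}
    for line in ldif.splitlines():
        if ":" in line and not line.startswith("#"):
            name, value = line.split(":", 1)
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def audit(slapd_conf, policy_ldif, new_value):
    """Return reasons the pwdCheckModule would not see new_value."""
    found = []
    words = [l.split() for l in slapd_conf.splitlines() if l.split()]
    for directive in ("moduleload", "overlay"):
        if not any(w[0] == directive and w[1:2] and w[1].startswith("ppolicy") for w in words):
            found.append(f"missing '{directive} ppolicy'")
    policy = ldif_attrs(policy_ldif)
    if "pwdpolicychecker" not in [v.lower() for v in policy.get("objectclass", [])]:
        found.append("policy lacks objectClass pwdPolicyChecker")
    if not policy.get("pwdcheckmodule"):
        found.append("policy has no pwdCheckModule")
    quality = int(policy.get("pwdcheckquality", ["0"])[0])
    if quality == 0:
        found.append("pwdCheckQuality 0 disables quality checks")
    scheme = re.match(r"\{([\w-]+)\}", new_value)
    if scheme and scheme.group(1).upper() != "CLEARTEXT":
        outcome = "rejected" if quality == 2 else "accepted unchecked"
        found.append(f"pre-hashed {scheme.group(0)} value: {outcome}")
    return found
```

An empty list means none of these preconditions is missing; entries without their own pwdPolicySubentry attribute fall under the policy named by ppolicy_default.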
