Issue #301 has been updated by Hanxin Wu.
Hi Clement,

I installed openldap-2.4.23 in another VM, as you recommended. It behaves the same as before. I used Apache Directory Studio to connect to the ldap with a non-rootdn account -- [email protected],ou=users,o=GNISE, which has write privilege on ldap records. When I change the password for a user, it keeps popping up errors. In the log, I can see:

    Feb 7 21:13:09 bahldap2 slapd[23925]: conn=1103 op=41 SRCH base="[email protected],ou=users,o=BAH" scope=0 deref=3 filter="(objectClass=*)"
    Feb 7 21:13:09 bahldap2 slapd[23925]: conn=1103 op=41 SRCH attr=*
    Feb 7 21:13:09 bahldap2 slapd[23925]: conn=1103 op=41 SEARCH RESULT tag=101 err=0 nentries=1 text=
    Feb 7 21:13:15 bahldap2 slapd[23925]: conn=1103 op=42 MOD dn="[email protected],ou=users,o=BAH"
    Feb 7 21:13:15 bahldap2 slapd[23925]: conn=1103 op=42 MOD attr=userPassword
    Feb 7 21:13:15 bahldap2 slapd[23925]: conn=1103 op=42 RESULT tag=103 err=19 text=Password fails quality checking policy
    Feb 7 21:13:15 bahldap2 slapd[23925]: conn=1103 op=43 SRCH base="[email protected],ou=users,o=BAH" scope=0 deref=3 filter="(objectClass=*)"
    Feb 7 21:13:15 bahldap2 slapd[23925]: conn=1103 op=43 SRCH attr=*
    Feb 7 21:13:15 bahldap2 slapd[23925]: conn=1103 op=43 SEARCH RESULT tag=101 err=0 nentries=1 text=

In the log file, I can't find any output from the check_password module.

Below are the components and configurations:

In the /opt/openlibexec/openldap dir, I can see:

    check_password.so
    ppolicy-2.4.so.2
    ppolicy-2.4.so.2.5.6
    ppolicy.la
    ppolicy.so

In the /opt/openldap/etc/openldap dir, I can see:

    check_password.conf
    ldap.conf
    slapd.conf

slapd.conf contains:

    include /opt/openldap/etc/openldap/schema/core.schema
    include /opt/openldap/etc/openldap/schema/cosine.schema
    include /opt/openldap/etc/openldap/schema/inetorgperson.schema
    include /opt/openldap/etc/openldap/schema/BAH.schema
    include /opt/openldap/etc/openldap/schema/ppolicy.schema
    pidfile /opt/openldap/var/run/slapd.pid
    argsfile /opt/openldap/var/run/slapd.args
    modulepath /opt/openldap/libexec/openldap
    moduleload ppolicy.la
    TLSCACertificateFile /etc/pki/tls/certs/dod-ca-bundle.crt
    TLSCertificateFile /etc/pki/tls/certs/ldap.cer
    TLSCertificateKeyFile /etc/pki/tls/certs/ldap.key
    TLSCipherSuite TLSv1
    TLSVerifyClient allow
    access to dn.base="" by * read
    access to dn.subtree="o=BAH"
        by self write
        by dn.base="[email protected],ou=users,o=BAH" write
        by users read
        by anonymous auth
    database bdb
    suffix "o=BAH"
    rootdn "o=BAH"
    rootpw secret
    loglevel 256
    logfile /opt/openldap/logs/ldap.log
    overlay ppolicy
    ppolicy_default "cn=default,ou=policies,o=BAH"
    directory /opt/openldap/var/openldap-data
    index objectClass eq

ldap.conf contains:

    timelimit 120
    bind_timelimit 120
    idle_timelimit 3600
    pam_lookup_policy yes
    nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
    uri ldap://192.168.42.3/
    ssl no
    tls_cacertdir /etc/openldap/cacerts
    pam_password md5

check_password.conf contains:

    minPoints 4
    useCracklib 0
    minUpper 2
    minLower 2
    minDigit 2
    minSpecialChar 2

ppolicy.ldif and users.ldif are the same as attached in the previous post.

Requests

1) Can you point out the problems? Provide clues/tips.
2) You have recommended adding a pwdPolicySubentry attribute. But I don't know how. Should I add that attribute for each individual user or add it on the ou=users level? What would be the value for the attribute?

Thanks for your help in advance.

Below are the installation scripts for your info:

    # Build Berkeley DB 4.7.25 with its four patches applied
    cd /opt/
    wget http://download.oracle.com/berkeley-db/db-4.7.25.tar.gz
    tar zxvf db-4.7.25.tar.gz
    cd db-4.7.25
    wget http://download.oracle.com/berkeley-db/patches/db/4.7.25/patch.4.7.25.1
    wget http://download.oracle.com/berkeley-db/patches/db/4.7.25/patch.4.7.25.2
    wget http://download.oracle.com/berkeley-db/patches/db/4.7.25/patch.4.7.25.3
    wget http://download.oracle.com/berkeley-db/patches/db/4.7.25/patch.4.7.25.4
    patch -p0 < patch.4.7.25.1
    patch -p0 < patch.4.7.25.2
    patch -p0 < patch.4.7.25.3
    patch -p0 < patch.4.7.25.4
    cd build_unix/
    ../dist/configure --enable-ppolicy --prefix=/opt/db-4.7.25/db4
    make
    make install

    # Build OpenLDAP 2.4.23 against that Berkeley DB, with ppolicy as a module
    cd /opt/
    wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.23.tgz
    tar zxvf openldap-2.4.23.tgz
    cd openldap-2.4.23
    export CPPFLAGS="-I/opt/db-4.7.25/db4/include"
    export LDFLAGS="-L/opt/db-4.7.25/db4/lib -R/opt/db-4.7.25/db4/lib"
    export LD_LIBRARY_PATH=/opt/db-4.7.25/build_unix/.libs
    ./configure --prefix=/opt/openldap --enable-ppolicy=mod --enable-modules=yes --enable-dynamic=yes
    make depend
    make
    make test
    make install

----------------------------------------
Bug #301: can't make check_password work
http://tools.lsc-project.org/issues/301

Author: Hanxin Wu
Status: Assigned
Priority: Normal
Assigned to: Clément Oudot
Category: OpenLDAP check password
Target version: openldap-check-password-1.2

I have openldap-2.4.21 installed in the latest Red Hat Linux VM. I was trying to make the check_password function work by following the instructions at http://ltb-project.org/wiki/documentation/openldap-ppolicy-check-password. But I can never make it work. If gurus here are willing to help, I would provide detailed info. Thanks in advance.

--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
_______________________________________________
ltb-dev mailing list
[email protected]
http://lists.ltb-project.org/listinfo/ltb-dev
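Added example (not part of the original message and not LTB project code): a small parser for slapd "stats" log lines of the kind quoted in the report, which pairs each userPassword MOD with its RESULT by conn/op and lists the changes refused with err=19. The host name, DNs and connection numbers in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the slapd stats (loglevel 256) format quoted above;
# host name, DNs and connection numbers are made up for illustration.
SAMPLE_LOG = """\
Feb  7 21:13:15 ldaphost slapd[23925]: conn=1103 op=42 MOD dn="uid=jdoe,ou=users,o=example"
Feb  7 21:13:15 ldaphost slapd[23925]: conn=1103 op=42 MOD attr=userPassword
Feb  7 21:13:15 ldaphost slapd[23925]: conn=1103 op=42 RESULT tag=103 err=19 text=Password fails quality checking policy
Feb  7 21:14:02 ldaphost slapd[23925]: conn=1104 op=3 MOD dn="uid=asmith,ou=users,o=example"
Feb  7 21:14:02 ldaphost slapd[23925]: conn=1104 op=3 MOD attr=userPassword
Feb  7 21:14:02 ldaphost slapd[23925]: conn=1104 op=3 RESULT tag=103 err=0 text=
Feb  7 21:15:40 ldaphost slapd[23925]: conn=1105 op=7 MOD dn="uid=jdoe,ou=users,o=example"
Feb  7 21:15:40 ldaphost slapd[23925]: conn=1105 op=7 MOD attr=mail
Feb  7 21:15:40 ldaphost slapd[23925]: conn=1105 op=7 RESULT tag=103 err=19 text=some other constraint
"""

LINE = re.compile(r"slapd\[\d+\]: conn=(\d+) op=(\d+) (MOD|RESULT) (.*)$")

def password_changes(log_text):
    """Return one dict per completed userPassword MOD: conn_op, dn, err, text."""
    ops = defaultdict(dict)  # (conn, op) -> fields gathered so far
    done = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        key = (int(m.group(1)), int(m.group(2)))
        kind, rest = m.group(3), m.group(4)
        if kind == "MOD" and rest.startswith('dn="'):
            ops[key]["dn"] = rest[4:-1]          # strip dn=" and closing quote
        elif kind == "MOD" and rest.startswith("attr="):
            ops[key]["attrs"] = rest[5:].split()
        elif kind == "RESULT":
            op = ops.pop(key, {})
            err = re.search(r"err=(\d+)", rest)
            if err and "userPassword" in op.get("attrs", []):
                done.append({"conn_op": key, "dn": op.get("dn"),
                             "err": int(err.group(1)),
                             "text": rest.partition("text=")[2]})
    return done

def rejected(changes):
    """Password changes refused with LDAP result 19 (constraintViolation)."""
    return [c for c in changes if c["err"] == 19]

if __name__ == "__main__":
    for c in rejected(password_changes(SAMPLE_LOG)):
        print(c["conn_op"], c["dn"], c["text"])
```

The err=19 on the mail-only MOD is ignored because the operation did not touch userPassword.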
