Hello, I have a new RHEL 6.5 "basic install" server on which I have installed:

Feb 24 16:29:28 Installed: berkeleydb-ltb-4.6.21.NC-4.el6.patch4.x86_64
Feb 24 16:29:28 Installed: libtool-ltdl-2.2.6-15.5.el6.x86_64
Feb 24 16:29:31 Installed: openldap-ltb-2.4.39-2.el6.x86_64
Feb 24 16:29:31 Installed: openldap-ltb-check-password-1.1-8.el6.x86_64
Feb 25 08:32:02 Installed: openldap-clients-2.4.23-34.el6_5.1.x86_64
Feb 25 10:11:53 Installed: openldap-ltb-contrib-overlays-2.4.39-2.el6.x86_64
Feb 25 10:11:56 Installed: openldap-ltb-debuginfo-2.4.39-2.el6.x86_64

I was able to get my database copied over using /usr/local/openldap/sbin/slapadd and got my configuration matching our old server. This new server seems to be acting just as the old server did and the test policies are working.

I copied check_password.so from /usr/local/openldap/lib64/check_password.so to /usr/local/openldap/libexec/openldap where my slapd.conf is told to look for modules. It has 755 mode bits.

This is my test policy:

# extended LDIF
#
# LDAPv3
# base <ou=Policies,dc=test,dc=com> with scope subtree
# filter: cn=test
# requesting: ALL
#

# test, Policies, test.com
dn: cn=test,ou=Policies,dc=test,dc=com
cn: test
objectClass: pwdPolicy
objectClass: person
objectClass: top
objectClass: pwdPolicyChecker
pwdAllowUserChange: TRUE
pwdAttribute: userPassword
pwdFailureCountInterval: 300
pwdGraceAuthNLimit: 3
pwdLockout: TRUE
pwdLockoutDuration: 300
pwdMaxFailure: 5
pwdMinAge: 0
pwdMustChange: TRUE
pwdSafeModify: FALSE
sn: dummy value
pwdCheckQuality: 0
pwdInHistory: 0
pwdExpireWarning: 36000
pwdMaxAge: 0
pwdMinLength: 8
pwdCheckModule: check_password.so

and my test user is assigned to this policy:

# gpitman2, People, test.com
dn: uid=gpitman2,ou=People,dc=test,dc=com
pwdPolicySubentry: cn=test,ou=Policies,dc=test,dc=com
structuralObjectClass: inetOrgPerson
entryUUID: dad5e8e4-3271-1033-964e-4fa41b17c517
creatorsName: cn=Manager,dc=test,dc=com
createTimestamp: 20140225140707Z
pwdChangedTime: 20140225170348Z
entryCSN: 20140225170348.395103Z#000000#000#000000
modifiersName: uid=gpitman2,ou=People,dc=test,dc=com
modifyTimestamp: 20140225170348Z
entryDN: uid=gpitman2,ou=People,dc=test,dc=com
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

/usr/local/openldap/etc/openldap/check_password.conf contains:

minPoints 3
useCracklib 1
minUpper 1
minLower 1
minDigit 1
minPunct 1

I am not seeing anything regarding the check_policy.so module in the logs with loglevel set to -1 and I am able to set weak passwords.

Also, it looks like cracklib is installed:

cracklib.x86_64 2.8.16-4.el6 @anaconda-RedHatEnterpriseLinux-201111171049.x86_64/6.2
cracklib-dicts.x86_64 2.8.16-4.el6 @anaconda-RedHatEnterpriseLinux-201111171049.x86_64/6.2

Any advice would be great!

- Gary
_______________________________________________
ltb-users mailing list
[email protected]
http://lists.ltb-project.org/listinfo/ltb-users
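
Added example, not part of the original post and not LTB project code: a small audit of a pwdPolicy entry for the settings that decide whether a pwdCheckModule is consulted, run on a constructed excerpt of the policy quoted above. It relies on the slapo-ppolicy(5) semantics of pwdCheckQuality (0 or absent: no quality checking; 1: check, but accept values that cannot be checked; 2: check, and reject values that cannot be checked); the function names and finding labels are hypothetical.

```python
# Added example, not from the original post: audit a pwdPolicy entry.
# Constructed sample input: the relevant attributes of the policy quoted above.
POLICY_LDIF = """\
dn: cn=test,ou=Policies,dc=test,dc=com
objectClass: pwdPolicy
objectClass: pwdPolicyChecker
pwdAttribute: userPassword
pwdCheckQuality: 0
pwdMinLength: 8
pwdCheckModule: check_password.so
"""

def parse_entry(ldif):
    """Parse one LDIF entry into {lowercased attribute: [values]}.
    Folded lines are joined; base64 ("::") values are not decoded."""
    attrs = {}
    for line in ldif.replace("\n ", "").splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if sep:
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def audit_policy(attrs):
    """Return findings (hypothetical labels) about password quality enforcement."""
    findings = []
    classes = {c.lower() for c in attrs.get("objectclass", [])}
    # An absent pwdCheckQuality is treated like 0: no quality checking.
    quality = int(attrs.get("pwdcheckquality", ["0"])[0])
    module = attrs.get("pwdcheckmodule", [])
    if "pwdpolicy" not in classes:
        findings.append("not-a-pwdPolicy-entry")
    if module and "pwdpolicychecker" not in classes:
        findings.append("pwdCheckModule-without-pwdPolicyChecker-class")
    if quality == 0:
        findings.append("quality-checking-disabled")
        if module:
            findings.append("check-module-configured-but-not-consulted")
    elif quality == 1:
        findings.append("uncheckable-passwords-accepted")  # e.g. pre-hashed values
    return findings

if __name__ == "__main__":
    for finding in audit_policy(parse_entry(POLICY_LDIF)):
        print(finding)
```

To audit a live entry, pass the text that ldapsearch returns for the policy DN to parse_entry() in place of the constructed sample.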
