Hello,

Wow. I feel like an idiot. I solved my problem. My OpenSUSE clients were sending passwords as md5, which caused my openldap server to not be able to read the password information. I changed the clients to send the password as "exop" and that did the trick.

Jose

--- On Thu, 2/25/10, Jose G. Torres <[email protected]> wrote:

> From: Jose G. Torres <[email protected]>
> Subject: Re: Check password module/ppolicy problem on Solaris 10 (2.4.21 OL sources)
> To: [email protected]
> Date: Thursday, February 25, 2010, 9:04 AM
>
> Hello again,
>
> Well I tried the following.
>
> Added the full path of the check_password.so in my slapd.conf under "moduleload".
> moduleload /opt/openldap/etc/openldap/modules/check_password.so
>
> Added the full path to my check_password.so module in my ldif
> pwdCheckModule: /opt/openldap/etc/openldap/modules/check_password.so
>
> Recompiled the sources again using the configure used to build the openSUSE package.
> CC=/usr/sfw/bin/gcc CPPFLAGS=-I/opt/openldap/include \
> LDFLAGS="-L/opt/openldap/lib -R/opt/openldap/lib" \
> ./configure --prefix=/opt/openldap --with-tls \
> --enable-spasswd --enable-crypt --with-gnu-ld \
> --enable-ppolicy --enable-modules --enable-dynamic \
> --enable-aci --enable-bdb --enable-hdb \
> --enable-rewrite --enable-ldap=yes --enable-meta=mod \
> --enable-monitor=yes --enable-slp --enable-overlays=yes
>
> Still no luck. At least within my ldap logs I see the "Password fails quality checking policy" so at least it is hitting the ldap server for password checking. Any ideas????? Thanks!!!!
>
> Jose
>
> > I am trying to get my solaris 10 openldap 2.4.21 server to use my check_password.so module using the ppolicy overlay. When I try to change a user's password from a linux client, I get the following error message.
> >
> > passwd ldapuser
> > Changing password for ldapuser.
> > Enter login(LDAP) password:
> > New Password:
> > Reenter New Password:
> > LDAP password information update failed: Constraint violation
> > Password fails quality checking policy
> > passwd: Permission denied
> >
> > Within my logs, I do not see any error messages from my check_password.so module. I created the directory /opt/openldap/etc/openldap/modules and placed my module in that directory and I added the modulepath in my slapd.conf.
> >
> > Is there something I missed? Is this a PAM thing? I know this setup works on an OpenSUSE 11.2 openldap server. Help.
> >
> > I included part of my slapd.conf, openldap configure, check_password.c source, makefile and ldd of my check_password.so.
> >
> > Thanks!!!!
> >
> > Jose Torres
> >
> > openldap configure
> > ******************
> >
> > CC=/usr/sfw/bin/gcc CPPFLAGS=-I/opt/openldap/include \
> > LDFLAGS="-L/opt/openldap/lib -R/opt/openldap/lib" \
> > ./configure --prefix=/opt/openldap --with-tls \
> > --enable-spasswd --enable-crypt --with-gnu-ld \
> > --enable-ppolicy --enable-modules --enable-dynamic
> >
> > slapd.conf:
> > **********
> >
> > include /opt/openldap/etc/openldap/schema/ppolicy.schema
> >
> > # Add password policies.
> > modulepath /opt/openldap/etc/openldap/modules
> > overlay ppolicy
> > ppolicy_default "cn=default,ou=policies,dc=caci,dc=ymp,dc=com"
> > ppolicy_use_lockout
> >
> > I tried ppolicy_clear_txt I still have the same problem.
> >
> > check_password.c:
> > ****************
> >
> > #include <stdio.h>
> > #include <stdlib.h>
> > #include <string.h>
> > #include <ctype.h>
> > #include "portable.h"
> > #include "slap.h"
> >
> > int init_module()
> > {
> >     return 0;
> > }
> >
> > int check_password(char *pPasswd, char **ppErrStr, Entry *pEntry)
> > {
> >     char error=0;
> >     char retmsg[255];
> >     char *message;
> >     const char special[] ="!\"#$%&'()*+,-./:;<=>?...@[\\]^_`{|}~";
> >     const char number[] ="1234567890";
> >     const char CAPS[] ="ABCDEFGHIJKLMNOPQRSTUVWXYZ";
> >
> >     if (strstr( pPasswd, " ") != NULL)
> >     {
> >         error = 1;
> >         strcpy(retmsg , "******** CHECKPW: Password contains SPACES! ********");
> >     }
> >
> >     /* strpbrk() returns NULL when none of the listed characters is present */
> >     if (strpbrk(pPasswd, special) == NULL)
> >     {
> >         error = 1;
> >         strcpy(retmsg , "******** CHECKPW: Password does not contain any special characters! ********");
> >     }
> >
> >     if (strpbrk(pPasswd, number) == NULL)
> >     {
> >         error = 1;
> >         strcpy(retmsg , "******** CHECKPW: Password does not contain any numbers! ********");
> >     }
> >
> >     /* Compare against CAPS here, not the digit list */
> >     if (strpbrk(pPasswd, CAPS) == NULL)
> >     {
> >         error = 1;
> >         strcpy(retmsg , "******** CHECKPW: Password does not contain any CAPITAL LETTERS! ********");
> >     }
> >
> >     if (error)
> >     {
> >         /* Allocate */
> >         message = (char *)malloc(sizeof(char) * (strlen(retmsg)+1));
> >         /* Copy the contents of the string. */
> >         if (message != NULL)
> >             strcpy(message, retmsg);
> >         *ppErrStr=message;
> >     }
> >     return error;
> > }
> >
> > Makefile:
> > *********
> >
> > check_password.so: check_password.o
> >         gcc -L/opt/openldap/lib -lldap -shared -o check_password.so check_password.o
> > check_password.o: check_password.c
> >         gcc -fpic -I../../include -I. -c check_password.c
> > clean:
> >         rm check_password.so check_password.o
> >
> > It seems to find the right libraries.
> >
> > $ ldd modules/check_password.so
> > libldap-2.4.so.2 => /opt/openldap/lib/libldap-2.4.so.2
> > libgcc_s.so.1 => /usr/sfw/lib/libgcc_s.so.1
> > liblber-2.4.so.2 => /opt/openldap/lib/liblber-2.4.so.2
> > libresolv.so.2 => /usr/lib/libresolv.so.2
> > libgen.so.1 => /usr/lib/libgen.so.1
> > libnsl.so.1 => /usr/lib/libnsl.so.1
> > libsocket.so.1 => /usr/lib/libsocket.so.1
> > libsasl.so.1 => /usr/lib/libsasl.so.1
> > libssl.so.0.9.7 => /usr/sfw/lib/libssl.so.0.9.7
> > libcrypto.so.0.9.7 => /usr/sfw/lib/libcrypto.so.0.9.7
> > libc.so.1 => /usr/lib/libc.so.1
> > libmp.so.2 => /usr/lib/libmp.so.2
> > libmd.so.1 => /usr/lib/libmd.so.1
> > libscf.so.1 => /usr/lib/libscf.so.1
> > libdoor.so.1 => /usr/lib/libdoor.so.1
> > libuutil.so.1 => /usr/lib/libuutil.so.1
> > libssl_extra.so.0.9.7 => /usr/sfw/lib/libssl_extra.so.0.9.7
> > libcrypto_extra.so.0.9.7 => /usr/sfw/lib/libcrypto_extra.so.0.9.7
> > libm.so.2 => /usr/lib/libm.so.2
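
The resolution above turns on what the server-side check receives: a value the client has already hashed (for example one tagged `{MD5}`) gives a quality module nothing to inspect, while a password sent with the password-modify extended operation ("exop") arrives in cleartext. The C code below is an added example, not the poster's module and not OpenLDAP code; `scheme_prefix_len`, `check_quality` and the `pw_result` codes are hypothetical names, the `{SCHEME}` test is a heuristic, the punctuation set is assumed to be full ASCII punctuation, and the sample values are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum pw_result { PW_OK = 0, PW_WEAK = 1, PW_UNCHECKABLE = 2 };

/* Length of a leading "{SCHEME}" tag such as "{MD5}", or 0 when the value
 * has none and is treated as cleartext (heuristic, hypothetical helper). */
size_t scheme_prefix_len(const char *value)
{
    const char *p;
    if (value[0] != '{')
        return 0;
    for (p = value + 1; *p && *p != '}'; p++)
        if (!isalnum((unsigned char)*p) && *p != '-')
            return 0;
    return (*p == '}' && p > value + 1) ? (size_t)(p - value) + 1 : 0;
}

/* Rules taken from the thread's module: no spaces, and at least one special
 * character, one number and one capital letter. *why names the failure. */
enum pw_result check_quality(const char *value, const char **why)
{
    static const char special[] = "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~";
    static const char digits[]  = "1234567890";
    static const char caps[]    = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    *why = NULL;
    if (scheme_prefix_len(value) > 0) {
        *why = "value is already hashed; nothing to inspect";
        return PW_UNCHECKABLE;
    }
    if (strchr(value, ' '))            *why = "contains spaces";
    else if (!strpbrk(value, special)) *why = "no special character";
    else if (!strpbrk(value, digits))  *why = "no number";
    else if (!strpbrk(value, caps))    *why = "no capital letter";
    return *why ? PW_WEAK : PW_OK;
}

int main(void)
{
    /* Constructed samples: one client-side hashed value, two cleartext. */
    const char *samples[] = { "{MD5}X03MO1qnZdYdgyfeuILPmQ==", "passw0rd!", "Passw0rd!" };
    const char *why;
    for (size_t i = 0; i < 3; i++) {
        enum pw_result r = check_quality(samples[i], &why);
        printf("%-30s -> %d (%s)\n", samples[i], (int)r, why ? why : "ok");
    }
    return 0;
}
```

A cleartext password that itself begins with a `{word}` tag would be classified as hashed by this heuristic.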
