openldap 2.4 and ppolicy
Per Olof Ljungmark
peo at intersonic.se
Mon Dec 5 20:09:17 UTC 2016
On 2016-12-05 11:00, Matthew Seaman wrote:
> On 12/05/16 01:55, Per Olof Ljungmark wrote:
>> Can someone who implemented ppolicy on FreeBSD please enlighten me on
> >> how this is done with the cn=config backend? OpenLDAP can be really
>> frustrating at times!
>
> I've done this, and it is working exactly as designed for me.
>
> You need an entry similar to this:
>
> dn: olcOverlay={5}ppolicy
> objectClass: olcOverlayConfig
> objectClass: olcPPolicyConfig
> olcOverlay: {5}ppolicy
> olcPPolicyDefault: cn=Default Password Policy,ou=Policy,dc=example,dc=com
> olcPPolicyHashCleartext: TRUE
> olcPPolicyUseLockout: TRUE
> olcPPolicyForwardUpdates: FALSE
> structuralObjectClass: olcPPolicyConfig
>
> Located at
>
> cn=config/olcDatabase={1}mdb
>
> This tells LDAP to load the ppolicy overlay.
>
> Here olcDatabase {0} is the config tree read from
> ${LOCALBASE}/etc/openldap/slapd.d/ with olcDatabase {1} being our LDAP tree.
> Then you need to define your password policy at the specified DN within
> your main LDAP tree.
Hi Matthew,
I have gotten to a point very close to what you posted. However, I
cannot add

objectClass: olcOverlayConfig

as that returns an "unwilling to perform" error. Are your overlays
statically compiled or dynamic?
Cheers,
//per
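
The three pieces the quoted reply describes (overlay loaded, overlay attached to the data database, policy entry at the olcPPolicyDefault DN), written out as LDIF suitable for ldapadd. This is an added example, not part of either message: the module path, the `device` structural class and all pwd* values are assumptions chosen for illustration.

```ldif
# Added example; every value below is constructed for illustration.
# Assumes the ppolicy schema is already loaded, ou=Policy exists, and the
# overlay is built as a module in /usr/local/libexec/openldap (an assumption).

# 1. Load the overlay module (skip if ppolicy is compiled in statically;
#    use ldapmodify on the existing entry if a cn=module entry already exists).
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/local/libexec/openldap
olcModuleLoad: ppolicy.la

# 2. Attach the overlay to the data database, written for ldapadd:
#    full DN, no {n} index and no operational structuralObjectClass
#    attribute, since slapd fills those in itself.
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: ppolicy
olcPPolicyDefault: cn=Default Password Policy,ou=Policy,dc=example,dc=com
olcPPolicyHashCleartext: TRUE
# TRUE tells a client that the account is locked, which also tells an
# attacker; set FALSE if that disclosure matters more than the clear error.
olcPPolicyUseLockout: TRUE
olcPPolicyForwardUpdates: FALSE

# 3. The policy entry itself, in the main tree (loaded with a separate
#    ldapadd bound as the data tree's admin, not against cn=config).
dn: cn=Default Password Policy,ou=Policy,dc=example,dc=com
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: Default Password Policy
pwdAttribute: userPassword
pwdMinLength: 12
pwdCheckQuality: 1
pwdInHistory: 5
pwdLockout: TRUE
pwdMaxFailure: 5
pwdLockoutDuration: 900
pwdFailureCountInterval: 900
pwdMustChange: TRUE
pwdAllowUserChange: TRUE
```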