  1. Enforcing ppolicy to openldap users
<p>I am working with OpenLDAP, with Apache Directory Studio as the client browser. I did whatever is required for enforcing ppolicies on the OpenLDAP users, but I still think it's missing something somewhere. This is my ppolicy.ldif</p>
<pre><code>dn: dc=maxcrc,dc=com
objectClass: top
objectClass: domain
dc: maxcrc

dn: ou=People,dc=maxcrc,dc=com
objectClass: organizationalUnit
objectClass: top
ou: People
description: Container for user entries

dn: ou=policies,dc=maxcrc,dc=com
objectClass: top
objectClass: organizationalUnit
ou: policies

dn: cn=default,ou=policies,dc=maxcrc,dc=com
objectClass: pwdPolicy
objectClass: top
objectClass: device
cn: default
pwdAttribute: userPassword
pwdAllowUserChange: TRUE
pwdCheckQuality: 1
pwdExpireWarning: 86400
pwdInHistory: 6
pwdLockout: TRUE
pwdLockoutDuration: 1920
pwdMaxAge: 172800
pwdMaxFailure: 4
pwdMinLength: 6
pwdSafeModify: FALSE

dn: uid=jery,dc=maxcrc,dc=com
objectClass: pwdPolicy
objectClass: posixAccount
objectClass: top
objectClass: account
cn: maxcrc jery
gidNumber: 1011
homeDirectory: /home/jery
pwdAttribute: userPassword
uid: jery
uidNumber: 1011
pwdPolicySubentry:cn=strong,ou=policies,dc=maxcrc,dc=com

dn: cn=strong,ou=policies,dc=maxcrc,dc=com
objectClass: device
objectClass: top
objectClass: pwdPolicy
cn: strong
pwdAttribute: userPassword
pwdMaxAge: 1296000
pwdMinLength: 4
</code></pre>
<p>Still, it allows adding a userPassword from Apache Directory Studio with more than 4 characters. Can anyone tell me why that is so? Thanks in advance.</p>
<p>Below is my sldap.config file</p>
<pre><code># BDB Backend configuration file
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
ucdata-path ./ucdata
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/nis.schema
include ./schema/inetorgperson.schema
include ./schema/openldap.schema
include ./schema/dyngroup.schema
include ./schema/ppolicy.schema

moduleload ppolicy.la
moduleload syncprov.la
moduleload back_bdb.la
moduleload back_ldap.la

pidfile ./run/slapd.pid
argsfile ./run/slapd.args

# Enable TLS if port is defined for ldaps
TLSVerifyClient never
TLSCipherSuite HIGH:MEDIUM:-SSLv2
TLSCertificateFile ./secure/certs/server.pem
TLSCertificateKeyFile ./secure/certs/server.pem
TLSCACertificateFile ./secure/certs/server.pem

#######################################################################
# bdb database definitions
#######################################################################

database monitor

database bdb
suffix "dc=maxcrc,dc=com"

# invokes password policies for this DIT only
overlay ppolicy
# Default ppolicy
ppolicy_default "cn=strong,ou=policies,dc=maxcrc,dc=com"
# Some ppolicy directives
ppolicy_use_lockout
ppolicy_hash_cleartext

# ACL1
#access to attrs=userPassword
# by self write
# by anonymous auth
# by group.exact="cn=Manager,dc=maxcrc,dc=com"
# write
# by * none
# ACL3
#access to *
# by self write
# by group.exact="cn=Manager,dc=maxcrc,dc=com"
# write
# by users read
# by * none

rootdn "cn=Manager,dc=maxcrc,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory ./data
dirtyread
searchstack 20
# Indices to maintain
index mail pres,eq
index objectclass pres
index default eq,sub
index sn eq,sub,subinitial
index telephonenumber
index cn
</code></pre>
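An added example, not part of the original post or of OpenLDAP itself: a small Python lint that reads policy entries like the ones in the question and flags settings under which, per slapo-ppolicy(5), the server does not check password length. The names `parse_ldif`, `lint_policies` and the reduced `SAMPLE_LDIF` are constructed for this illustration.

```python
# SAMPLE_LDIF is constructed: a reduced copy of the policy-related entries in the post.
SAMPLE_LDIF = """\
dn: cn=default,ou=policies,dc=maxcrc,dc=com
objectClass: pwdPolicy
pwdAttribute: userPassword
pwdCheckQuality: 1
pwdMinLength: 6

dn: uid=jery,dc=maxcrc,dc=com
objectClass: posixAccount
pwdPolicySubentry:cn=strong,ou=policies,dc=maxcrc,dc=com

dn: cn=strong,ou=policies,dc=maxcrc,dc=com
objectClass: pwdPolicy
pwdAttribute: userPassword
pwdMinLength: 4
"""

def parse_ldif(text):
    """Return {dn: {attr: [values]}}; plain 'attr: value' lines only (no '::', no folding)."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[attrs["dn"][0].lower()] = attrs
    return entries

def lint_policies(entries):
    """Return (dn, message) findings based on slapo-ppolicy(5) semantics."""
    findings = []
    for dn, a in entries.items():
        quality = int(a.get("pwdcheckquality", ["0"])[0])
        if "pwdminlength" in a and quality == 0:
            findings.append((dn, "pwdMinLength set but pwdCheckQuality absent/0: length not checked"))
        elif "pwdminlength" in a and quality == 1:
            findings.append((dn, "pwdCheckQuality 1: passwords hashed by the client are accepted unchecked"))
        for ref in a.get("pwdpolicysubentry", []):
            if ref.lower() not in entries:
                findings.append((dn, "pwdPolicySubentry references missing entry " + ref))
    return findings

if __name__ == "__main__":
    for dn, msg in lint_policies(parse_ldif(SAMPLE_LDIF)):
        print(dn + ": " + msg)
```

slapo-ppolicy(5) also notes that some policies do not take effect for operations performed with the rootdn identity, which a lint of the LDIF alone cannot see.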
 
