Hello,

Have you tried adding an "objectClass: top" to your entry?

2010/1/5 Saavedra, Gisella <[email protected]>

> I read the entry in Chapter 6
>
> http://www.zytrax.com/books/ldap/ch6/ppolicy.html#examples
>
> regarding setting the Password Policy Control.
>
> I have installed OpenLDAP through Cygwin. OpenLDAP is version 2.3.43
>
> I created my db and included the Password Policy control schema, but I am
> getting the following error when I try to load my default and user policies:
>
> $ ldapadd -H ldap://localhost:666 -x -D "cn=Manager,dc=zes_example,dc=com" -w secret -f /etc/openldap/data/ppolicy.ldif
> adding new entry "ou=pwdpolicies,dc=zes_example,dc=com"
>
> adding new entry "cn=default,ou=pwdpolicies,dc=zes_example,dc=com"
> ldapadd: Object class violation (65)
>         additional info: no structural object class provided
>
> Any idea? Do I need to add the password policy (ldif file) before I give
> the directive in slapd.conf?
>
> -----------------------------------------
>
> The policy.ldif:
>
> dn: ou=pwdpolicies,dc=zes_example,dc=com
> ou: pwdpolicies
> description: All password Policies
> objectclass: organizationalunit
>
> # Default Password Policy
> dn: cn=default,ou=pwdpolicies,dc=zes_example,dc=com
> objectClass: pwdPolicy
> cn: default
> # User can change his/her password
> pwdAllowUserChange: TRUE
> # Return warning to bind attempt (seconds) -- 3 days
> pwdExpireWarning: 259200
> # Interval in seconds to reset failure pwd count
> pwdFailureCountInterval: 100
> # Do not allow to bind on expired passwords
> pwdGraceAuthNLimit: 0
> # Reject any password changes in this list
> pwdInHistory: 3
> # Lock out account when user tries more than x attempts using invalid password
> pwdLockout: TRUE
> # Do not allow the system to unlock the account
> pwdLockoutDuration: 0
> # Consecutive # of failure attempts
> pwdMaxFailure: 5
> # How long the password lasts before user has to change it (seconds) -- 90 days
> pwdMaxAge: 77760000
> # Password length
> pwdMinLength: 6
>
> The commands in my slapd.conf are:
>
> …
> include /etc/openldap/schema/ppolicy.schema
> … (not sure if I need the next line)
> loadmodule ppolicy.la
>
> # invokes password policies for this DIT only
> overlay ppolicy
> # Default ppolicy
> ppolicy_default "cn=default,ou=pwdpolicies,dc=zes_example,dc=com"
> # Some ppolicy directives
> ppolicy_use_lockout
>
> Gisella Saavedra
> Sr. Software Engineer

--
Diego Lima
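
Added example, not part of either message and not OpenLDAP code: slapd returns error 65 "no structural object class provided" when none of an entry's object classes is STRUCTURAL, and in ppolicy.schema pwdPolicy is AUXILIARY with pwdAttribute as a required attribute, while top is ABSTRACT. The Python sketch below checks an LDIF file for both rules before it is passed to ldapadd; the function names, the shortened sample entry and the choice of device as the structural class are assumptions.

```python
# Object class kinds and MUST attributes as defined in core.schema and
# ppolicy.schema; only the classes relevant to this thread are listed.
KIND = {"top": "ABSTRACT", "organizationalunit": "STRUCTURAL",
        "person": "STRUCTURAL", "device": "STRUCTURAL", "pwdpolicy": "AUXILIARY"}
MUST = {"organizationalunit": {"ou"}, "person": {"cn", "sn"},
        "device": {"cn"}, "pwdpolicy": {"pwdattribute"}}

def parse_ldif(text):
    """Return [(dn, {attr: [values]})]; folded lines and base64 are not handled."""
    entries, cur = [], None
    for line in text.splitlines():
        if not line.strip():
            cur = None                      # a blank line ends the entry
        elif line.startswith("#"):
            continue                        # LDIF comment
        else:
            attr, _, value = line.partition(":")
            attr, value = attr.strip().lower(), value.strip()
            if attr == "dn":
                cur = (value, {})
                entries.append(cur)
            elif cur is not None:
                cur[1].setdefault(attr, []).append(value)
    return entries

def lint(text):
    """Return {dn: [problems]} for entries that break either schema rule."""
    report = {}
    for dn, attrs in parse_ldif(text):
        classes = [c.lower() for c in attrs.get("objectclass", [])]
        problems = []
        if not any(KIND.get(c) == "STRUCTURAL" for c in classes):
            problems.append("no structural object class")
        for c in classes:
            missing = sorted(MUST.get(c, set()) - set(attrs))
            problems += [f"{c} requires {a}" for a in missing]
        if problems:
            report[dn] = problems
    return report

# Constructed sample: the default-policy entry from the thread, shortened.
AS_POSTED = """dn: cn=default,ou=pwdpolicies,dc=zes_example,dc=com
objectClass: pwdPolicy
cn: default
"""
# Constructed variant: a structural class (device, an assumption) plus pwdAttribute.
REVISED = AS_POSTED.replace("objectClass: pwdPolicy",
    "objectClass: device\nobjectClass: pwdPolicy\npwdAttribute: userPassword")

if __name__ == "__main__":
    print(lint(AS_POSTED), lint(REVISED))
```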
