Hi Andy,

Thanks for your reply. It's not a copy and paste. It was misspelled. As I have understood it, when you have an entry in a specific user, this overwrites the entries in default. In this case the entry in user1 overwrites default's entry.

Thanks!

On 08/27/2012 05:19 PM, Andy Poirier wrote:
> It looks like you have some conflicting arguments in your ldif, not sure if
> that matters. Is this a copy and paste ldif or did you have to type it by
> hand?
>
> The ones that stand out are
> pwdMaxAge: 60
> pwdMaxAge: 0 - means that passwords will not expire
> pwdMinLenght: 5 - misspelled
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of cbulist
> Sent: Monday, August 27, 2012 4:30 PM
> To: [email protected]
> Subject: Configuring ppolicy problem
>
> Hi,
>
> I'm trying to configure ppolicy but it's not working when I set pwdMaxAge and
> pwdWarning (I am able to log in when my password is supposed to be expired). I
> tried with shadowAccount instead of PwdPolicy and it is working well.
>
> This is my relevant setting in slapd.conf
>
> include /etc/openldap/schema/ppolicy.schema
>
> moduleload ppolicy.la
>
> overlay ppolicy
> ppolicy_default "cn=default,ou=policies,dc=sample,dc=com"
> ppolicy_use_lockout
>
> My ldif file is:
>
> objectClass: organizationalUnit
> objectClass: top
> ou: policies
>
> dn: cn=default,ou=policies,dc=sample,dc=com
> objectClass: pwdPolicy
> objectClass: person
> objectClass: top
> cn: default
> pwdAttribute: userPassword
> sn: dummy
> pwdAllowUserChange: TRUE
> pwdCheckQuality: 2
> pwdExpireWarning: 50
> pwdFailureCountInternal: 30
> pwdGraceAuthNLimit: 5
> pwdInHistory: 5
> pwdLockout: FALSE
> pwdLockDuration:0
> pwdMaxAge: 60
> pwdMaxAge: 0
> pwdMaxFailure: 5
> pwdMinAge: 0
> pwdMinLenght: 5
> pwdMustChange: FALSE
> pwdSafeModify: FALSE
>
> dn: cn=user1,ou=policies,dc=sample,dc=com
> objectClass: pwdPolicy
> objectClass: person
> objectClass: top
> objectClass: posixAccount
> objectClass: pwdPolicy
> objectClass: shadowAccount
> cn: user1
> pwdAttribute: userPassword
> gidNumber: 501
> homeDirectory: /home/user1
> sn: test
> uid: user1
> uidNumber: 501
> pwdAllowUserChange: TRUE
> pwdAge: 20
> pwdExpireWarning: 15
> userPassword: XXXXX
>
> Thanks in advance!
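
Added example, not written by either poster: a small Python check that compares the pwd* attribute names in a policy entry against the pwdPolicy attribute names and reports repeated single-valued attributes, the two kinds of problem raised in Andy's reply. The attribute list is assumed to match OpenLDAP 2.4's ppolicy.schema, and `parse_entry` and `lint_policy` are names made up for this example.

```python
import difflib
from collections import Counter

# Assumption: pwdPolicy attribute names as in OpenLDAP 2.4's ppolicy.schema;
# compare against the schema file your slapd actually loads.
POLICY_ATTRS = ["pwdAttribute", "pwdMinAge", "pwdMaxAge", "pwdInHistory",
                "pwdCheckQuality", "pwdMinLength", "pwdExpireWarning",
                "pwdGraceAuthNLimit", "pwdLockout", "pwdLockoutDuration",
                "pwdMaxFailure", "pwdFailureCountInterval", "pwdMustChange",
                "pwdAllowUserChange", "pwdSafeModify"]
MULTI_VALUED = {"pwdattribute"}  # assumed: the rest are SINGLE-VALUE

# Subset of the default policy entry posted in the thread.
SAMPLE = """\
dn: cn=default,ou=policies,dc=sample,dc=com
objectClass: pwdPolicy
pwdAttribute: userPassword
pwdFailureCountInternal: 30
pwdLockout: FALSE
pwdLockDuration:0
pwdMaxAge: 60
pwdMaxAge: 0
pwdMinLenght: 5
"""

def parse_entry(ldif):
    """(attribute, value) pairs of one entry; no folding or base64 handling."""
    lines = (ln.strip() for ln in ldif.splitlines())
    pairs = [ln.partition(":") for ln in lines if ln and not ln.startswith("#")]
    return [(attr.strip(), value.strip()) for attr, _, value in pairs]

def lint_policy(ldif):
    """Flag pwd* names missing from the schema and repeated single values."""
    known = {a.lower(): a for a in POLICY_ATTRS}  # LDAP names ignore case
    pairs = parse_entry(ldif)
    counts = Counter(attr.lower() for attr, _ in pairs)
    findings, seen = [], set()
    for attr, _ in pairs:
        low = attr.lower()
        if not low.startswith("pwd") or low in seen:
            continue
        seen.add(low)
        if low not in known:  # not a pwdPolicy attribute name; suggest nearest
            guess = difflib.get_close_matches(low, list(known), n=1, cutoff=0.8)
            findings.append(("unknown", attr, known[guess[0]] if guess else None))
        elif counts[low] > 1 and low not in MULTI_VALUED:
            values = [v for a, v in pairs if a.lower() == low]
            findings.append(("duplicate", attr, values))
    return findings
```

Running `lint_policy` on a policy LDIF before loading it with ldapadd shows which settings will not be read as the policy attributes they were meant to be.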
