I am trying to enable ppolicy in OpenLDAP. I have tried it with the following tutorial: https://tobru.ch/openldap-password-policy-overlay/
Steps I have done:
- Load the ppolicy schema into OLC –> Success
- Load the module –> Success
- Configure ppolicy overlay –> Failed
Step 3:
ldapadd -Y EXTERNAL -H ldapi:/// -f ppolicycfgOverlay-add.ldif
#File: ppolicycfgOverlay-add.ldif
dn: olcOverlay={0}ppolicy,cn=olcDatabase{1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {0}ppolicy
olcPPolicyDefault: cn=default,ou=policies,dc=ldap,dc=example,dc=net
olcPPolicyHashCleartext: FALSE
olcPPolicyUseLockout: TRUE
olcPPolicyForwardUpdates: FALSE
throws error:
adding new entry "olcOverlay={0}ppolicy,cn=olcDatabase{1}mdb,cn=config"
ldap_add: No such object (32)
matched DN: cn=config
Additional things I have tried:
- Adding the ppolicy entries in the database before setting up the overlay
- Read http://www.zytrax.com/books/ldap/ch6/slapd-config.html#use-overlays
The file "olcOverlay={0}ppolicy" does not exist in the slapd cfg directory. But I don't know why.
Best Answer
I found the mistake:
The dn was wrong:
cn=olcDatabase{1}mdb
has to be olcDatabase={1}mdb.
So the correct dn is:
dn: olcOverlay={0}ppolicy,olcDatabase={1}mdb,cn=config
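Added example (not part of the original question or answer): a small Python check that reproduces the `No such object (32)` / `matched DN: cn=config` result by walking the new entry's DN up against the DNs that exist under cn=config, then suggests the closest existing parent. The `EXISTING_DNS` list is a constructed sample and the function names are hypothetical.

```python
import difflib
import re

# Constructed sample: entry DNs as they might be listed by
#   ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config -LLL dn
EXISTING_DNS = [
    "cn=config",
    "cn=module{0},cn=config",
    "cn=schema,cn=config",
    "olcDatabase={-1}frontend,cn=config",
    "olcDatabase={0}config,cn=config",
    "olcDatabase={1}mdb,cn=config",
]


def split_dn(dn):
    """Split a DN into RDNs on unescaped commas."""
    return [rdn.strip() for rdn in re.split(r"(?<!\\),", dn)]


def diagnose_add(new_dn, existing_dns):
    """Explain an ldapadd of new_dn the way result code 32 reports it.

    Returns (matched_dn, missing_parent, suggestion). missing_parent is None
    when the parent entry exists and the add can proceed.
    """
    existing = {tuple(r.lower() for r in split_dn(d)) for d in existing_dns}
    rdns = split_dn(new_dn)
    # Walk up from the parent until an ancestor is found in the tree.
    for i in range(1, len(rdns)):
        if tuple(r.lower() for r in rdns[i:]) in existing:
            matched = ",".join(rdns[i:])
            if i == 1:
                return matched, None, None
            # The entry one level below the matched ancestor does not exist.
            missing = ",".join(rdns[i - 1:])
            close = difflib.get_close_matches(missing, existing_dns, n=1)
            return matched, missing, (close[0] if close else None)
    return "", rdns[-1], None


if __name__ == "__main__":
    for dn in ("olcOverlay={0}ppolicy,cn=olcDatabase{1}mdb,cn=config",
               "olcOverlay={0}ppolicy,olcDatabase={1}mdb,cn=config"):
        print(dn, "->", diagnose_add(dn, EXISTING_DNS))
```
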