Search Results

Search found 238 results on 10 pages for 'openldap'.

Page 2/10 | < Previous Page | 1 2 3 4 5 6 7 8 9 10  | Next Page >

  • disallow anonymous bind in openldap

    - by shashank prasad
    Folks, I have followed the instructions here http://tuxnetworks.blogspot.com/2010/06/howto-ldap-server-on-1004-lucid-lynx.html to setup my OpenLdap and its working just fine, except an anonymous user can bind to my server and see the whole user/group structure. LDAP is running over SSL. I have read online that i can add disallow bind_anon and require authc in the slapd.conf file and it will be disabled but there is no slapd.conf file to begin with and since this doesn't use slapd.conf for its configuration as i understand OpenLdap has moved to a cn=config setup so it wont read that file even if i create one. i have looked online without any luck. I believe i need to change something in here olcAccess: to attrs=userPassword by dn="cn=admin,dc=tuxnetworks,dc=com" write by anonymous auth by self write by * none olcAccess: to attrs=shadowLastChange by self write by * read olcAccess: to dn.base="" by * read olcAccess: to * by dn="cn=admin,dc=tuxnetworks,dc=com" write by * read but i am not sure what. Any help is appreciated. Thank you! -shashank

    Read the article

  • Mac OS X behind OpenLDAP and Samba

    - by Sam Hammamy
    I have been battling for a week now to get my Mac (Mountain Lion) to authenticate on my home network's OpenLDAP and Samba. From several sources, like the Ubuntu community docs, and other blogs, and after a hell of a lot of trial and error and piecing things together, I have created a samba.ldif that will pass the smbldap-populate when combined with apple.ldif and I have a fully functional OpenLDAP server and a Samba PDC that uses LDAP to authenticate the OS X Machine. The problem is that when I login, the home directory is not created or pulled from the server. I get the following in system.log Sep 21 06:09:15 Sams-MacBook-Pro.local SecurityAgent[265]: User info context values set for sam Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in pam_sm_authenticate(): Got user: sam Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in pam_sm_authenticate(): Got ruser: (null) Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in pam_sm_authenticate(): Got service: authorization Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in od_principal_for_user(): no authauth availale for user. Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in od_principal_for_user(): failed: 7 Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in pam_sm_authenticate(): Failed to determine Kerberos principal name. Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in pam_sm_authenticate(): Done cleanup3 Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in pam_sm_authenticate(): Kerberos 5 refuses you Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in pam_sm_authenticate(): pam_sm_authenticate: ntlm Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in pam_sm_acct_mgmt(): OpenDirectory - Membership cache TTL set to 1800. Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in od_record_check_pwpolicy(): retval: 0 Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in pam_sm_setcred(): Establishing credentials Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in pam_sm_setcred(): Got user: sam Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in pam_sm_setcred(): Context initialised Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in pam_sm_setcred(): pam_sm_setcred: ntlm user sam doesn't have auth authority All that's great and good and I authenticate. Then I get CFPreferences: user home directory for user kCFPreferencesCurrentUser at /Network/Servers/172.17.148.186/home/sam is unavailable. User domains will be volatile. Failed looking up user domain root; url='file://localhost/Network/Servers/172.17.148.186/home/sam/' path=/Network/Servers/172.17.148.186/home/sam/ err=-43 uid=9000 euid=9000 If you're wondering where /Network/Servers/IP/home/sam comes from, it's from a couple of blogs that said the OpenLDAP attribute apple-user-homeDirectory should have that value and the NFSHomeDirectory on the mac should point to apple-user-homeDirectory I also set the attr apple-user-homeurl to <home_dir><url>smb://172.17.148.186/sam/</url><path></path></home_dir> which I found on this forum. Any help is appreciated, because I'm banging my head against the wall at this point. By the way, I intend to create a blog on my vps just for this, and create an install script in python that people can download so no one has to go through what I've had to go through this week :) After some sleep I am going to try to login from a windows machine and report back here. Thanks Sam

    Read the article

  • how do you set the admin password on openldap 2.4

    - by dingfelder
    I am getting started with openLdap 2.4 and am having a bit of trouble, all the examples I see seem to refer to previous versions which used the text config file slapd.conf but from what I see on discussions about v2.4, this has been deprecated. I thought prehaps I needed to add a user, and log in as them but when I try and run an ldapadd command, I get a prompt to enter a password: Enter LDAP Password: ldap_bind: Invalid credentials (49) Notes: I installed openldap server via yum (in fedora 15), and have installed phpldapadminbut also can try things on the command line if anyone has suggestions. After installing and starting I get the following response from a search: # ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts # extended LDIF # LDAPv3 # base <> with scope baseObject # filter: (objectclass=*) # requesting: namingContexts dn: namingContexts: dc=my-domain,dc=com # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 I am glad to remove and reinstall the server if that helps, can anyone provide a link to tips that works for version 2.4 for a new setup?

    Read the article

  • Ubuntu OpenLDAP and Mac OS X Roaming Profiles

    - by Sam Hammamy
    Today, I'm installing OpenLDAP on Ubuntu 11.04. I have gone through the installation before a few times, but what I have never been able to do is use Mac OSX Lion's Directory Utility to administer the LDAP server, and also never got roaming profiles working. SO the question is: 1) Is there a configuration I need in OpenLDAP so I can administer it remotely. I vaguely remember something like that, but I can't find the answer online. 2) What do I need to setup roaming profiles for a mac os x. I'd like to backup all my laptop data to the LDAP's machine, and potentially, also backup with time machine to an external HD mounted no the Ubutnu machine (but that's a few days ahead of time for now).

    Read the article

  • objectClass in openldap.

    - by garden air
    I am working on openldap in my linux box (centos) as testing.I create a base file to discuss with you about objectClass functionality & its impact if we not write.I write objectClass two times i.e top and domain .What does it mean ? The 2nd one is drived from the firect objectClass like parents child relation ? [root@srv1 openldap]# vim base.ldif base.ldif dn: dc=test,dc=local dc: test objectClass: top objectClass: domain Now I create add two OUs and does not add objectClass:top in both sales and marketing. To add two OUs i.e Sales and Marketing dn: ou=Sales,dc=test,dc=local ou: Sales objectClass:organizationalUnit dn: ou=Marketing,dc=test,dc=local ou: Marketing objectClass: organizationalUnit The confusion is should use all the parent objectClass and chield objectClass ? If we not add what impact will be on the structure ? In the following I use objectClass top and organizationalunit dn: ou=Sales,dc=test,dc=local ou: Sales objectClass: top objectClass:organizationalUnit dn: ou=Marketing,dc=test,dc=local ou: Marketing objectClass: top objectClass: organizationalUnit Please guide me which one is correct ? thanks garden

    Read the article

  • OpenLDAP Password Expiration with pwdReset=TRUE?

    - by jsight
    I have configured the ppolicy overlay for OpenLDAP to enable password policies. These things work: Password lockouts on too many failed attempts Password Change required once pwdReset=TRUE added to user entry Password Expirations If the account is locked out due to intrusion attempts (too many bad passwords) or time (expiration time hit), the account must be reset by an administrator. However, when the administrator sets pwdReset=TRUE in the profile, this seems to also override the expiration policy. So, the password that the administrator sent out (which should be a temporary password) ends up being valid permanently. Is there a way in OpenLDAP to have a password that must be changed, but also MUST expire?

    Read the article

  • OpenLDAP Password Expiration with pwdReset=TRUE?

    - by jsight
    I have configured the ppolicy overlay for OpenLDAP to enable password policies. These things work: Password lockouts on too many failed attempts Password Change required once pwdReset=TRUE added to user entry Password Expirations If the account is locked out due to intrusion attempts (too many bad passwords) or time (expiration time hit), the account must be reset by an administrator. However, when the administrator sets pwdReset=TRUE in the profile, this seems to also override the expiration policy. So, the password that the administrator sent out (which should be a temporary password) ends up being valid permanently. Is there a way in OpenLDAP to have a password that must be changed, but also MUST expire?

    Read the article

  • OpenLDAP PAM authen does not support SSHA on FreeBSD10

    - by suker200
    OpenLDAP PAM authen does not support SSHA? Hi everyone, Now, I lost one day to figure out, the reason my FreeBSD10 can not authenticate SSH user via LDAP because pam_ldap and nss_ldap do not support SSHA password when OpenLDAP support SSHA method. I have checked /usr/local/etc/ldap.conf, they just have these pam_password methods: clear, crypt, nds, racf, ad, exop. So, If I switch to CRYPT, I can authenticate successfully. So, IMHO, I will be very appreciative for any point or suggestion from everyone to make my FreeBSD10 PAM support SSHA, is there any way or can not? Infor: Ldap Server (389 DS - Centos) - Ldap client (FreeBSD10) what I have got: authen via Ldap between Centos - Centos (Okie). Centos (Ldap Server) - FreeBSD failed (work if I using crypt) Thank and BR Suker200

    Read the article

  • Replication from OSX OpenDirectory to OpenLDAP

    - by natacado
    I have an OpenDirectory server running on an OSX Server machine, and I'd like to increase the reliability of the service by having a slave server. The problem is, I only have 1 OSX Server but I have plenty of Linux servers available. I'm happy with Apple's tools that integrate with OpenDirectory, but given Apple's recent discontinuation of the XServe, I'm not particularly interested in continuing with Apple hardware. I remember hearing that OpenDirectory is (now-distantly) based off the OpenLDAP code base; is there any way I could replicate from OpenDirectory to OpenLDAP instead of having to purchase another OSX server?

    Read the article

  • OpenLDAP server logs filled with "TLS negotiation failure"

    - by WildVelociraptor
    I recently migrated an old OpenLDAP setup to a newer server, with a more robust certificate setup. Currently, most hosts are required to verify the cert matches the host: tls_checkpeer yes TLS_REQCERT always In the server logs, there are multiple occurences of: Nov 6 10:45:08 <servername> slapd[1773]: conn=2785646 fd=35 closed (TLS negotiation failure) These errors appear from multiple hosts, but there don't seem to be any issues actually logging into those servers with an LDAP account. Does anyone know what would cause these errors? The server is running Ubuntu 12.04.2, and OpenLDAP version 2.4.28. The cert was generated using GnuTLS.

    Read the article

  • Ubuntu 11.04 and OpenLDAP - where is the config?

    - by Tom SKelley
    I've been asked to setup a multimaster LDAP environment on Ubuntu 11.04 - instead of a single master server. I cloned the master server and recreated it into two VMs. I am trying to follow the instructions on the OpenLDAP documentation here: http://www.openldap.org/doc/admin24/replication.html and it talks about modifying the cn=config tree within LDAP. The subdirectory tree appears to be there at: /etc/ldap/slapd.d/ and a slapcat -b cn=config drops out a load of config information. When I try to connect using a browser and the admin bind credentials: ldapsearch -D '<adminDN>' -w <password> -b 'cn=config' I get: # extended LDIF # # LDAPv3 # base <> (default) with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result search: 2 result: 32 No such object I don't see the config context when I connect via an LDAP browser either. I'm sure I'm missing something, but I can't see what it is!

    Read the article

  • openldap proxied authorization

    - by bemace
    I'm having some trouble doing updates with proxied authorization (searches seem to work fine). I'm using UnboundID's LDAP SDK to connect to OpenLDAP, and sending a ProxiedAuthorizationV2RequestControl for dn: uid=me,dc=People,dc=example,dc=com with the update. I've tested and verified that the target user has permission to perform the operation, but I get insufficient access rights when I try to do it via proxy auth. I've configured olcAuthzPolicy=both in cn=config and authzTo={0}ldap:///dc=people,dc=example,dc=com??subordinate?(objectClass=inetOrgPerson) on the original user. The authzTo seems to be working; when I change it I get not authorized to assume identity when I try the update (also for searches). Can anyone suggest what else I should look at or how I could get more detailed errors from OpenLDAP? Anything else I can test to narrow down the source of the problem?

    Read the article

  • OpenLDAP mirror mode replication failing with TLS behind a load balancer

    - by Lynn Owens
    I have two OpenLDAP servers that are both running TLS. They are: ldap1.mydomain.com ldap2.mydomain.com I also have a load balancer cluster with a dns name of it's own: ldap.mydomain.com The SSL certificate has a CN of ldap.mydomain.com, with SANs of ldap1.mydomain.com and ldap2.mydomain.com. Everything works... Except mirror mode replication. My mirror mode replication is setup like this: ldap.conf TLS_REQCERT allow cn=config.ldif olcServerID: 1 ldap://ldap1.mydomain.com olcServerID: 2 ldap://ldap2.mydomain.com On ldap1, olcDatabase{1}hdb.ldif olcMirrorMode: TRUE olcSyncrepl: {0}rid=001 provider=ldap://ldap2.mydomain.com bindmethod=simple bindmethod=simple binddn="cn=me,dc=mydomain,dc=com" credentials="REDACTED" starttls=yes searchbase="dc=mydomain,dc=com" schemachecking=on type=refreshAndPersist retry="60 +" On ldap2, olcDatabase{1}hdb.ldif olcMirrorMode: TRUE olcSyncrepl: {0}rid=001 provider=ldap://ldap1.mydomain.com bindmethod=simple bindmethod=simple binddn="cn=me,dc=mydomain,dc=com" credentials="REDACTED" starttls=yes searchbase="dc=mydomain,dc=com" schemachecking=on type=refreshAndPersist retry="60 +" Here's the errors I'm getting in syslog: Dec 1 21:05:01 ldap1 slapd[6800]: slap_client_connect: URI=ldap://ldap2.mydomain.com DN="cn=me,dc=mydomain,dc=com" ldap_sasl_bind_s failed (-1) Dec 1 21:05:01 ldap1 slapd[6800]: do_syncrepl: rid=001 rc -1 retrying Dec 1 21:05:08 ldap1 slapd[6800]: conn=1111 fd=20 ACCEPT from IP=ldap.mydomain.com:2295 (IP=ldap1.mydomain.com:636) Dec 1 21:05:08 ldap1 slapd[6800]: conn=1111 fd=20 closed (TLS negotiation failure) Any ideas? I've been working on OpenLdap for way too long now.

    Read the article

  • How to scope access to a service to set of users, using OpenLDAP, and only OUs

    - by JDS
    Okay, here goes. Solving this will solve several problems for me (as I can reapply this knowledge to several extant, similar problems), but luckily I have a very specific, concise problem to describe. Enough preamble. Our hosting partner is setting up VPN access for us and is connecting it to our LDAP server. They are using Cisco VPN, the docs on setting this up are here: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c3c45.shtml#maintask1 Specifically, note the screenshot in (5), under "ASDM" Now, I do NOT want to provide access to all of our users. I only want to provide access to our IT group. But I do not see a configuration option for LDAP groups on that web reference for the Cisco VPN. We are using: OpenLDAP 2.4 Static groups (i.e. "Group has the following members...") Single user OU, "ou=users,dc=mycompany,dc=com" Is it possible to provide an alias of some kind in OpenLDAP that creates another OU, "itusers", say, and lets me alias the members of that OU somehow? Something like: "cn=Jeff Silverman,ou=itusers,dc=mycompany,dc=com" is an alias for "cn=Jeff Silverman,ou=users,dc=mycompany,dc=com" And is NOT a separate, unique user account. Alternatively, should I just create a separate OU and manage it separately? It is a pain, but only 12-15 users will have to be managed that way, with two separate user accounts. But I hate this option - messy, unmanageable, unscalable. You know what I mean. I am open to any options. I've searched and read all over but I can't quite find an directly analagous example. I can't possibly be the only one who's had this problem! Thanks!

    Read the article

  • OpenLDAP on Windows and gssapi32

    - by wk22
    Upon trying to run OpenLDAP on Windows after a non-eventful installation, I get the error that gssapi32.dll is missing. Reinstalling does nothing to alleviate the problem, nor does altering the install settings/backend.

    Read the article

  • openldap make sure password does not contain username

    - by Ryan Horrisberger
    Is there a way using openldap to ensure that a user's password does not contain their name or their username? I know that you can use the ppolicy overlay pwdCheckModule by writing a C function to do password checking, but is this the best approach? It doesn't seem like many folks are doing password quality checking this way--the only example I've found is a github example which only does basic checking.

    Read the article

  • OpenSolaris won't authenticate to OpenLDAP users with md5 passwords

    - by palmer
    I have an OpenSolaris machine here; I'm using it for the first time because I want to try out ZFS. ZFS itself is working great, but I cannot get opensolaris to authenticate against our openldap directory running on Linux with md5 or sha passwords; only crypt passwords work. I'd prefer not to have to use crypt passwords; is there some magic setting I'm missing that will enable md5 passwords to authenticate?

    Read the article

  • openldap-servers-2.2.13-12.el4_8.2 RHEL 4 err=6

    - by coderwhiz
    I have been seeing these following error codes on our LDAP server: zgrep -o err=[0-9]* ldap.log.1.gz | sort | uniq -c 106664 err=0 146 err=16 288 err=4 29 err=49 8106 err=6 Can someone explain what err=6 is exactly and if its a big problem? I have been seeing lately some failures to authenticate and wonder if it is related to these errors? I have seen a possible timeout problem in the 2.2 Code base and not sure if theres a patch or if I would have to upgrade to the latest openldap version? thanks kosta

    Read the article

  • Can't add a .ldif to OpenLDAP, recent version (no slapd.conf)

    - by Biganon
    I'm new to LDAP and I'm trying to add the mmc.ldif and mail.ldif files that come with Mandriva Directory Server to my LDAP configuration, using the command : ldapadd -x -W -D "cn=admin,dc=biganon,dc=com" -f schema/mmc.ldif I then give the admin password I've set during slapd installation but get this error : ldap_bind: Invalid credentials (49) I have no slapd.conf file. I'm on Debian 6.0.1, OpenLDAP 2.4.23 Thank you

    Read the article

  • OpenLDAP memberOf overlay - changing memberOf attribute name

    - by wrschneider99
    I set up the memberOf overlay for OpenLDAP - how do I change the memberOf attribute name? I want to change it to "isMemberOf". I tried changing this attribute in the configuration olcMemberOfMemberOfAD: isMemberOf but ldapadd failed: ldap_add: Other (e.g., implementation specific) error (80) additional info: unable to find memberof attribute="isMemberOf": attribute type undefined (17) Any ideas?

    Read the article

  • Failed Administrator login on WSO2 IS with external OpenLDAP

    - by Marco Rivadeneyra
    I have an installation of WSO2 Identity Server and I'm trying to make it work with an external OpenLDAP instance I have followed this guide: http://wso2.org/project/solutions/identity/3.2.3/docs/user-core/admin_guide.html#LDAP For the read-only mode. But when I try to log-in I get a failed login and the following error on the console: TID: [0] [WSO2 Identity Server] [2012-08-10 17:10:25,493] WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed Administrator login attempt 'john[0]' at [2012-08-10 17:10:25,0493] from IP address 127.0.0.1 {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} Full log: http://pastebin.com/pHUGXBqv My configuration file looks as follows: <UserManager> <Realm> <Configuration> <AdminRole>admin</AdminRole> <AdminUser> <UserName>john</UserName> <Password>johnldap</Password> </AdminUser> <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root --> <ReadOnly>true</ReadOnly> <MaxUserNameListLength>500</MaxUserNameListLength> <Property name="url">jdbc:h2:repository/database/WSO2CARBON_DB</Property> <Property name="userName">wso2carbon</Property> <Property name="password">wso2carbon</Property> <Property name="driverName">org.h2.Driver</Property> <Property name="maxActive">50</Property> <Property name="maxWait">60000</Property> <Property name="minIdle">5</Property> </Configuration> <UserStoreManager class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager"> <Property name="ReadOnly">true</Property> <Property name="MaxUserNameListLength">100</Property> <Property name="ConnectionURL">ldap://192.168.81.144:389</Property> <Property name="ConnectionName">cn=admin,dc=example,dc=com</Property> <Property name="ConnectionPassword">admin</Property> <Property name="UserSearchBase">ou=People,dc=example,dc=com</Property> <Property name="UserNameListFilter">(objectClass=inetOrgPerson)</Property> <Property name="UserNameAttribute">uid</Property> <Property name="ReadLDAPGroups">false</Property> <Property name="GroupSearchBase">ou=Groups,dc=example,dc=com</Property> <Property name="GroupSearchFilter">(objectClass=groupOfNames)</Property> <Property name="GroupNameAttribute">uid</Property> <Property name="MembershipAttribute">member</Property> </UserStoreManager> <AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager"></AuthorizationManager> </Realm> I followed this guide to configure my LDAP server up to Loggging: https://help.ubuntu.com/12.04/serverguide/openldap-server.html Could you suggest what might be wrong? The LDAP log is available at: http://pastebin.com/T9rFYEAW

    Read the article

  • OpenLDAP and Samba, can't log onto Samba share from Windows

    - by Jakobud
    The former jackass IT-guy that I'm taking over for had a Samba share setup on a Fedora server that uses our OpenLDAP server to authenticate users who want to log in from Windows. We recently added a new employee and I jumped through the LDAP hoops to add them to the system. However, I can't seem to use their login to access the Samba share. I'm looking through the LDAP settings and Groups and comparing the new user account to existing ones, and I can't figure out what settings in LDAP are required for this user to be able to access the Samba share. Of course the former idiotic IT-guy didn't document a single thing and has all sorts of weird setups on the network. So I'm at a bit of a loss on knowing what to look for here. Where should I start? On the server that is hosting the Samba share, he has samba running obviously but also has smbldap-tools loaded as well.

    Read the article

  • openldap search acl

    - by Patrick
    I'm trying to write an access control for OpenLDAP to allow a user to search with a certain base dn, but only get results back from certain sub dn's. I've played with lots of different rules but cant get it to work. I'm not sure its even possible. For example: I have the user with the dn uid=testuser,ou=people,dc=example,dc=com. I want this user to be able to search with a base of dc=example,dc=com and get back entries in ou=people,dc=example,dc=com. There are lots of other sub OUs under dc=example,dc=com, but only entries in ou=people should be returned (for bonus, I'd only like certain attributes to be returned as well). Can this be done?

    Read the article

  • User not found for cn=config in OpenLDAP?

    - by Nick
    We're running OpenLDAP on Ubuntu 10.04. I'm able to access and use the front end with cn=admin,dc=ourcompany,dc=com and my password. But I'm unable to change the server's configuration (like loglevel) stored in cn=config because I don't seem to have a valid user/password for the backend? Some examples: # ldapsearch SASL/DIGEST-MD5 authentication started Please enter your password: ldap_sasl_interactive_bind_s: Invalid credentials (49) additional info: SASL(-13): user not found: no secret in database or # ldapadd -x -D "cn=admin,cn=config" -W -f "my.ldif"" Enter LDAP Password: ldap_bind: Invalid credentials (49) How do I create a user for the cn=config backend?

    Read the article

  • Enabling ppolicy in openldap

    - by nitins
    For enabling ppolicy is in Openldap I am trying to import the policy given below. dn: ou=policies,dc=example,dc=in ou: policies objectClass: top objectClass: organizationalUnit # default, policies, example.in dn: cn=default,ou=policies,dc=example,dc=in objectClass: top objectClass: device objectClass: pwdPolicy cn: default pwdAttribute: userPassword pwdMaxAge: 7776002 pwdExpireWarning: 432000 pwdInHistory: 0 pwdCheckQuality: 1 pwdMinLength: 8 pwdMaxFailure: 5 pwdLockout: TRUE pwdLockoutDuration: 900 pwdGraceAuthNLimit: 0 pwdFailureCountInterval: 0 pwdMustChange: TRUE pwdAllowUserChange: TRUE pwdSafeModify: FALSE But I am getting the error given below. ldapadd -x -D "cn=Manager,dc=example,dc=in" -w xxxxxx -f /tmp/new-policy.ldif adding new entry "cn=default,ou=policies,dc=example,dc=in" ldapadd: Invalid syntax (21) additional info: pwdAttribute: value #0 invalid per syntax Any idea on why I am getting the error ? I have already added the ppolicy schema and module in slapd.conf

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10  | Next Page >