2013-10-22 19 views
0

I am using OpenLDAP with Apache Directory Studio as the client browser. I have done what is required to enforce ppolicies for OpenLDAP users, but I still think something is missing somewhere. This is my ppolicy.ldif for applying a ppolicy to a user:

    dn: dc=maxcrc,dc=com
    objectClass: top
    objectClass: domain
    dc: maxcrc

    dn: ou=People,dc=maxcrc,dc=com
    objectClass: organizationalUnit
    objectClass: top
    ou: People
    description: Container for user entries

    dn: ou=policies,dc=maxcrc,dc=com
    objectClass: top
    objectClass: organizationalUnit
    ou: policies

    dn: cn=default,ou=policies,dc=maxcrc,dc=com
    objectClass: pwdPolicy
    objectClass: top
    objectClass: device
    cn: default
    pwdAttribute: userPassword
    pwdAllowUserChange: TRUE
    pwdCheckQuality: 1
    pwdExpireWarning: 86400
    pwdInHistory: 6
    pwdLockout: TRUE
    pwdLockoutDuration: 1920
    pwdMaxAge: 172800
    pwdMaxFailure: 4
    pwdMinLength: 6
    pwdSafeModify: FALSE

    dn: uid=jery,dc=maxcrc,dc=com
    objectClass: pwdPolicy
    objectClass: posixAccount
    objectClass: top
    objectClass: account
    cn: maxcrc jery
    gidNumber: 1011
    homeDirectory: /home/jery
    pwdAttribute: userPassword
    uid: jery
    uidNumber: 1011
    # per-entry policy reference; takes precedence over ppolicy_default
    pwdPolicySubentry: cn=strong,ou=policies,dc=maxcrc,dc=com

    dn: cn=strong,ou=policies,dc=maxcrc,dc=com
    objectClass: device
    objectClass: top
    objectClass: pwdPolicy
    cn: strong
    pwdAttribute: userPassword
    pwdMaxAge: 1296000
    pwdMinLength: 4

It is still allowing a userPassword of more than 4 characters to be added from Apache Directory Studio. Can anyone tell me why this is so? Thanks in advance.

Below is my slapd.conf file:

    # BDB Backend configuration file
    # See slapd.conf(5) for details on configuration options.
    # This file should NOT be world readable.
    ucdata-path ./ucdata
    include  ./schema/core.schema
    include  ./schema/cosine.schema
    include  ./schema/nis.schema
    include  ./schema/inetorgperson.schema
    include  ./schema/openldap.schema
    include  ./schema/dyngroup.schema
    include  ./schema/ppolicy.schema

    moduleload  ppolicy.la
    moduleload  syncprov.la
    moduleload  back_bdb.la
    moduleload  back_ldap.la
    pidfile  ./run/slapd.pid
    argsfile ./run/slapd.args

    # Enable TLS if port is defined for ldaps
    TLSVerifyClient never
    TLSCipherSuite HIGH:MEDIUM:-SSLv2
    TLSCertificateFile ./secure/certs/server.pem
    TLSCertificateKeyFile ./secure/certs/server.pem
    TLSCACertificateFile ./secure/certs/server.pem

    #######################################################################
    # bdb database definitions
    #######################################################################
    database monitor

    database bdb
    suffix  "dc=maxcrc,dc=com"

    # invokes password policies for this DIT only
    overlay ppolicy

    # Default ppolicy
    ppolicy_default "cn=strong,ou=policies,dc=maxcrc,dc=com"

    # Some ppolicy directives
    ppolicy_use_lockout
    ppolicy_hash_cleartext

    # ACL1
    #access to attrs=userPassword
    #  by self  write
    #  by anonymous auth
    #  by group.exact="cn=Manager,dc=maxcrc,dc=com" write
    #  by *   none
    # ACL3
    #access to *
    #  by self  write
    #  by group.exact="cn=Manager,dc=maxcrc,dc=com" write
    #  by users  read
    #  by *   none

    rootdn  "cn=Manager,dc=maxcrc,dc=com"
    # Cleartext passwords, especially for the rootdn, should
    # be avoided. See slappasswd(8) and slapd.conf(5) for details.
    # Use of strong authentication encouraged.
    rootpw secret

    # The database directory MUST exist prior to running slapd AND
    # should only be accessible by the slapd and slap tools.
    # Mode 700 recommended.
    directory ./data
    dirtyread
    searchstack 20
    # Indices to maintain
    index mail pres,eq
    index objectclass pres
    index default eq,sub
    index sn eq,sub,subinitial
    index telephonenumber
    index cn
+0

Off-topic for SO. Do you have anything defining the password policy in slapd.conf? – EJP

+0

Yes, I have defined all of it. – ammy

+0

Yes, as far as I know: `include ./schema/ppolicy.schema`, `moduleload ppolicy.la`, `overlay ppolicy`, `ppolicy_default "cn=default,ou=policies,dc=maxcrc,dc=com"` – ammy

Answer

0

The password policy overlay requires that you do not perform the operation as the rootdn. You should use an administrator login defined in the DIT with appropriate permissions.
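
The following is an added example, not code from the question, the answer or OpenLDAP itself. It models, offline, the decision the ppolicy overlay makes on a password change: the rootdn exemption described in the answer above, the choice between an entry's own `pwdPolicySubentry` and `ppolicy_default`, and the rules documented in slapo-ppolicy(5) that `pwdMinLength` is only applied when `pwdCheckQuality` is 1 or 2, that a value the client has already hashed (e.g. `{SSHA}...`) is accepted unchecked at quality 1 and rejected at quality 2, and the `pwdSafeModify` / `pwdAllowUserChange` gates. The sample LDIF is a constructed copy of the question's entries plus an assumed second user `uid=tom` with no policy reference; `ppolicy_default` is assumed to be `cn=default` as in the comment above (the posted slapd.conf points it at `cn=strong`); the function and constant names are the example's own. Note that the question's `cn=strong` policy has no `pwdCheckQuality`, so its `pwdMinLength: 4` is never enforced even for a non-root bind.

```python
"""Offline model of the decision slapo-ppolicy makes on a password change.

Added example, not code from the question or from OpenLDAP: it applies the
rootdn exemption from the answer and the rules documented in slapo-ppolicy(5)
(pwdPolicySubentry vs ppolicy_default, pwdCheckQuality gating pwdMinLength,
pre-hashed values, pwdSafeModify, pwdAllowUserChange) to constructed entries.
"""
import re

# Constructed sample: the question's two policies and its user entry, plus an
# assumed second user (uid=tom) that carries no pwdPolicySubentry.
SAMPLE_LDIF = """\
dn: cn=default,ou=policies,dc=maxcrc,dc=com
objectClass: pwdPolicy
objectClass: device
cn: default
pwdAttribute: userPassword
pwdCheckQuality: 1
pwdMinLength: 6
pwdSafeModify: FALSE

dn: cn=strong,ou=policies,dc=maxcrc,dc=com
objectClass: pwdPolicy
objectClass: device
cn: strong
pwdAttribute: userPassword
pwdMaxAge: 1296000
pwdMinLength: 4

dn: uid=jery,dc=maxcrc,dc=com
objectClass: account
objectClass: posixAccount
uid: jery
pwdPolicySubentry: cn=strong,ou=policies,dc=maxcrc,dc=com

dn: uid=tom,ou=People,dc=maxcrc,dc=com
objectClass: account
uid: tom
"""

ROOTDN = "cn=Manager,dc=maxcrc,dc=com"                       # rootdn from the question's slapd.conf
PPOLICY_DEFAULT = "cn=default,ou=policies,dc=maxcrc,dc=com"  # assumed ppolicy_default value


def parse_ldif(text):
    """Minimal LDIF reader: {dn (lower-cased): {attr (lower-cased): [values]}}.
    A line starting with a space continues the previous one; base64 ('::')
    values are not handled, which is enough for the entries above."""
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = []
        for raw in block.splitlines():
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]
            elif raw and not raw.startswith("#"):
                lines.append(raw)
        attrs = {}
        for line in lines:
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        entries[attrs.pop("dn")[0].lower()] = attrs
    return entries


def effective_policy(entries, target_dn, default_dn=PPOLICY_DEFAULT):
    """A pwdPolicySubentry on the entry wins; otherwise ppolicy_default applies."""
    ref = entries[target_dn.lower()].get("pwdpolicysubentry", [default_dn])[0]
    return ref, entries.get(ref.lower(), {})


def check_password_change(entries, bind_dn, target_dn, new_password,
                          old_password=None, rootdn=ROOTDN):
    """Return (allowed, reason) for a userPassword change on target_dn made by
    bind_dn, checking the documented rules in order."""
    if bind_dn.lower() == rootdn.lower():
        return True, "rootdn is exempt from password policy checks"

    policy_dn, pol = effective_policy(entries, target_dn)

    def setting(attr, default):
        return pol.get(attr.lower(), [default])[0]

    if bind_dn.lower() == target_dn.lower() and setting("pwdAllowUserChange", "TRUE") == "FALSE":
        return False, f"{policy_dn}: pwdAllowUserChange is FALSE"
    if setting("pwdSafeModify", "FALSE") == "TRUE" and old_password is None:
        return False, f"{policy_dn}: pwdSafeModify requires the current password"

    quality = int(setting("pwdCheckQuality", "0"))
    min_len = int(setting("pwdMinLength", "0"))
    if quality == 0:
        return True, f"{policy_dn}: pwdCheckQuality is 0, so pwdMinLength={min_len} is never checked"
    if new_password.startswith("{"):   # client sent an already hashed value, e.g. {SSHA}...
        if quality == 2:
            return False, f"{policy_dn}: pre-hashed value cannot be quality-checked (pwdCheckQuality=2)"
        return True, f"{policy_dn}: pre-hashed value accepted unchecked (pwdCheckQuality=1)"
    if len(new_password) < min_len:
        return False, f"{policy_dn}: password shorter than pwdMinLength={min_len}"
    return True, f"{policy_dn}: quality check passed"


if __name__ == "__main__":
    dit = parse_ldif(SAMPLE_LDIF)
    jery = "uid=jery,dc=maxcrc,dc=com"
    tom = "uid=tom,ou=People,dc=maxcrc,dc=com"
    print(check_password_change(dit, ROOTDN, jery, "ab"))   # rootdn bind: allowed regardless of policy
    print(check_password_change(dit, jery, jery, "ab"))     # cn=strong has no pwdCheckQuality: allowed
    dit["cn=strong,ou=policies,dc=maxcrc,dc=com"]["pwdcheckquality"] = ["1"]
    print(check_password_change(dit, jery, jery, "ab"))     # now rejected as too short
    print(check_password_change(dit, tom, tom, "abcde"))    # falls to cn=default, pwdMinLength 6: rejected
```

To reproduce against a live slapd rather than this model, bind as the user instead of the rootdn, for example `ldappasswd -x -H ldap://localhost -D "uid=jery,dc=maxcrc,dc=com" -W -S`. Two things in the posted configuration will get in the way first: every `access` directive in the slapd.conf is commented out, and slapd's built-in default with no `access` directives grants everyone read only, so the `by self write` rule on userPassword has to be uncommented or the bind as jery fails with insufficientAccess before any policy check runs; and `cn=strong` needs a `pwdCheckQuality: 1` (or 2) line, since `pwdMinLength` is only applied when quality checking is enabled.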

+0

Could you please provide a link to a reference for understanding the password modify extended operation. – ammy