Bug #228
Error while running slapd with check_password.so module
| Status: | Closed | Start: | 04/06/2010 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assigned to: | | % Done: | 100% |
| Category: | OpenLDAP check password | | |
| Target version: | openldap-check-password-1.2 | | |
Description
Hi all,
I have openldap running with ppolicy and memberof overlays. I also wanted to add more security to users' passwords, so I got to ltb-project and tried to install the ppolicy-check password.
I successfully followed the steps for installation and configuration. But when I tried to start slapd with the module, the following error appears:
line 26 (moduleload check_password.so)
loaded module check_password.so
module check_password.so: init_module() failed
/mnt/opt/openldap/etc/openldap/slapd.conf: line 26: <moduleload> handler exited with 1!
slapd stopped.
Do you have any ideas or suggestions about this error??
Thanks in advance,
Leandro
History
Updated by Clément OUDOT almost 2 years ago
- Status changed from New to Assigned
- Assigned to set to Clément OUDOT
Hi,
Never seen this error. Which OpenLDAP version have you used? No error or warning on compilation? UNIX rights well set on check_password.so?
Updated by leandro fontenla almost 2 years ago
Sorry guys, it's working, and thanks for the quick answer!! I thought I had to load the module check_password.so with the moduleload directive in slapd.conf.
But now ldappasswd fails always with the message:
check_password_quality: lt_dlsym failed: (check_password.so) /mnt/opt/openldap/libexec/openldap/check_password.so: undefined symbol: check_password
This is my check_passwd.conf:
#Minimum number of quality points a new password must have to be accepted. One quality point is awarded for each character class used in the password.
minPoints : 2
#Set it to 0 to disable cracklib verification. It has no effect if cracklib is not included at compile time.
useCracklib : 1
#Minimum upper characters expected.
minUpper: 2
#Minimum lower characters expected.
minLower: 4
#Minimum digit characters expected.
minDigit: 2
#Minimum punctuation characters expected.
minPunct: 0
And the following is the Password Policy:
- default, Policies, vostu.com
dn: cn=default,ou=Policies,dc=hdwsolutions,dc=com
cn: default
pwdAllowUserChange: TRUE
pwdAttribute: userPassword
pwdCheckQuality: 2
pwdExpireWarning: 600
pwdFailureCountInterval: 30
pwdGraceAuthNLimit: 5
pwdInHistory: 5
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdMaxAge: 0
pwdMaxFailure: 5
pwdMinAge: 0
pwdMustChange: FALSE
pwdSafeModify: FALSE
sn: VostuPolicies
pwdMinLength: 8
objectClass: pwdPolicy
objectClass: person
objectClass: top
objectClass: pwdPolicyChecker
pwdCheckModule: check_password.so
Any ideas?
Thanks in advance,
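An added example, not part of the thread and not code from check_password.c: a simplified C model of the character-class rules in the check_password.conf posted above, run against constructed passwords. It assumes every per-class minimum must be met and that one point is counted per class present; cracklib is not modelled, and the names `pw_policy`, `parse_policy` and `check_quality` are illustrative.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum { POINTS, UPPER, LOWER, DIGIT, PUNCT, NRULES };
static const char *KEYS[NRULES] = { "minPoints", "minUpper", "minLower", "minDigit", "minPunct" };
struct pw_policy { int min[NRULES]; };

/* Added illustration. Constructed sample: the values posted in this report (comment shortened). */
static const char PAGE_CONF[] =
    "#Minimum number of quality points\nminPoints : 2\nuseCracklib : 1\n"
    "minUpper: 2\nminLower: 4\nminDigit: 2\nminPunct: 0\n";

/* Parse "key: value" and "key : value" lines; '#' lines and other keys are skipped. */
static struct pw_policy parse_policy(const char *conf) {
    struct pw_policy p = { {0} };
    for (const char *line = conf; *line; ) {
        char key[32]; int val;
        if (*line != '#' && sscanf(line, "%31[A-Za-z] : %d", key, &val) == 2)
            for (int k = 0; k < NRULES; k++)
                if (strcmp(key, KEYS[k]) == 0) p.min[k] = val;
        line += strcspn(line, "\n");      /* advance to the end of this line */
        if (*line) line++;                /* step over the newline */
    }
    return p;
}

/* Returns 0 when the password passes, else a bitmask with bit k set for failed rule k. */
static int check_quality(const struct pw_policy *p, const char *pw) {
    int n[NRULES] = {0}, fail = 0;
    for (const unsigned char *c = (const unsigned char *)pw; *c; c++) {
        if (isupper(*c)) n[UPPER]++;
        else if (islower(*c)) n[LOWER]++;
        else if (isdigit(*c)) n[DIGIT]++;
        else if (ispunct(*c)) n[PUNCT]++;
    }
    /* Assumed reading of minPoints: one point per character class present. */
    n[POINTS] = (n[UPPER] > 0) + (n[LOWER] > 0) + (n[DIGIT] > 0) + (n[PUNCT] > 0);
    for (int k = 0; k < NRULES; k++)
        if (n[k] < p->min[k]) fail |= 1 << k;
    return fail;
}

int main(void) {
    struct pw_policy p = parse_policy(PAGE_CONF);
    printf("ABcdef12 -> %d, abcdefgh -> %d\n",
           check_quality(&p, "ABcdef12"), check_quality(&p, "abcdefgh"));
    return 0;
}
```

With these values the per-class minimums (2 upper, 4 lower, 2 digits) already add up to the pwdMinLength of 8 set in the policy entry.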
Updated by Clément OUDOT almost 2 years ago
Hi,
Can you paste your compilation command line? In particular, does the value of your CONFIG_FILE make parameter match your actual configuration file?
And you should maybe install check_password.so in the default OpenLDAP module path (OPENLDAPROOT/lib/).
You can also read the RPM spec file to see how we compile the module for our OpenLDAP packages:
http://tools.ltb-project.org/projects/ltb/repository/entry/openldap-rpm/trunk/SPECS/openldap-ltb.spec
Updated by Clément OUDOT almost 2 years ago
- Status changed from Assigned to Feedback
- Target version changed from openldap-ppolicy-check-password-1.1 to openldap-check-password-1.2
Hello,
Do you still have the bug?
Updated by leandro fontenla almost 2 years ago
Hi Clement,
I checked all the parameters you advised me to check, compiled again and also changed in checkpassword.c the line #define CONFIG_FILE "/mnt/opt/openldap/etc/openldap/check_password.conf". It was pointing to /etc/openldap/..., don't know if maybe that was the problem...
But now it's working, so thanks a lot for your help!
Updated by Clément OUDOT almost 2 years ago
- Status changed from Feedback to Closed
- % Done changed from 0 to 100
Hi,
You should not edit the source file, but specify your target config file in the make command, for example:
$ make CONFIG="/mnt/opt/openldap/etc/openldap/check_password.conf"
I close this bug anyway.