Hello everyone,
I'll spare you the long rant about my dismay at implementing these ppolicy settings in OpenLDAP and my many failed attempts.
Today I've got as far as configuring a slapd.conf and running slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d; no problem so far, but when slapd is launched it stops and prints this error message:
Jun 7 12:53:04 testldap slapd[4379]: smbk5pwd: unable to find "krb5KDCEntry" objectClass.
Jun 7 12:53:04 testldap slapd[4379]: config error processing olcOverlay={1}smbk5pwd,olcDatabase={1}hdb,cn=config: <olcSmbK5PwdEnable> handler exited with 1
Jun 7 12:53:04 testldap slapd[4379]: slapd stopped.
Jun 7 12:53:04 testldap slapd[4379]: connections_destroy: nothing to destroy.
The slapd.conf file:
[quote]# Allow LDAPv2 binds
allow bind_v2
# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
#######################################################################
# Global Directives:
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/ppolicy.schema
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args
# Read slapd.conf(5) for possible values
loglevel 16384
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_hdb
moduleload ppolicy.la
moduleload smbk5pwd.la
backend hdb
database hdb
overlay ppolicy
ppolicy_default "cn=default,olcOverlay={0}ppolicy,ou=ppolicy,dc=test,dc=ch"
ppolicy_use_lockout yes
ppolicy_hash_cleartext
overlay smbk5pwd
smbk5pwd-enable samba
# The base of your directory in database #1
suffix "dc=test,dc=ch"
# Where the database files are physically stored for database #1
#directory "/var/lib/ldap"
directory "/data/ldap/db"
checkpoint 512 30
dbconfig set_cachesize 0 2097152 0
# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500
tool-threads 1
rootdn "cn=admin,dc=test,dc=ch"
rootpw "{SSHA}9KJ1C9rmlD0oEsj4MmXYQdStkjT6Su/j"
# Indexing options for database #1
index objectClass eq
index sambaSID eq,pres
index sambaPrimaryGroupSID eq,pres
index sambaDomainName eq,pres
index default sub
# Save the time that the entry gets modified, for database #1
lastmod on
access to attrs=userPassword
    by anonymous auth
    by self write
    by * none
access to dn.base="" by * read
access to dn="dc=test,dc=ch"
    by dn="cn=admin,dc=test,dc=ch" write
    by self write
access to dn="cn=nobody,dc=test,dc=ch"
    by anonymous auth stop
access to dn="cn=manager,cn=internal,dc=test,dc=ch"
    by dn="cn=nobody,cn=internal,dc=test,dc=ch" read
    by self write
    by anonymous auth stop
access to attrs=sambaLMPassword
    by dn.regex="cn=manager,cn=internal,dc=test,dc=ch" write
    by anonymous auth
    by self write
    by * none
access to attrs=sambaNTPassword
    by dn.regex="cn=manager,cn=internal,dc=test,dc=ch" write
    by anonymous auth
    by self write
    by * none
# The admin dn has full write access, everyone else
# can read everything.
access to *
    by * read
# 05.12.2011
# force this hash type for userPassword (even if the user changes it from Windows)
password-hash {SHA}
[/quote]
The installed packages:
root@testldap:~# dpkg -l | grep -i slapd
ii slapd 2.4.23-7.2 OpenLDAP server (slapd)
ii slapd-dbg 2.4.23-7.2 Debugging information for the OpenLDAP server (slapd)
ii slapd-smbk5pwd 2.4.23-7.2 Keeps Samba and Kerberos passwords in sync within slapd.
I read that this message can occur if a module is not loaded. How can I check that ppolicy and smbk5pwd are actually loaded?
The machine runs Debian (2.6.32-5-amd64).
Thanks in advance for your help and advice =)
Ivy
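Added example, not the poster's code: two offline checks that answer the question "are ppolicy and smbk5pwd really loaded?" without guessing. The first is a small linter for a slapd.conf body that reports typographic quote characters (which slapd does not treat as quotes) and any `overlay` line without a matching `moduleload`. The second parses the LDIF that `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config` prints once slapd is up and lists the loaded modules and the overlays attached to each database, so the runtime state can be compared with the file. Both samples embedded below are constructed from the post's configuration; the cn=config entries are what a successful start would produce and are an assumption, not captured output.

```python
"""Two offline checks for a slapd.conf / cn=config setup (added example).

  lint_slapd_conf()       static checks on a slapd.conf body
  loaded_from_cn_config() summarise the LDIF returned by a cn=config search
"""
import re

# Typographic quotes are not quote characters to slapd; they usually come from
# pasting through a word processor or a forum, and break string directives.
CURLY_QUOTES = "\u201c\u201d\u2018\u2019"
ORDER_PREFIX = re.compile(r"^\{\d+\}")      # cn=config ordering prefix, e.g. {1}ppolicy.la
MODULE_SUFFIX = re.compile(r"\.(la|so)$")   # "ppolicy.la" and "ppolicy" name the same module


def lint_slapd_conf(text):
    """Return (line_no, message) findings for a slapd.conf body."""
    findings, loaded, overlays = [], set(), []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if any(ch in line for ch in CURLY_QUOTES):
            findings.append((no, 'typographic quote; slapd expects ASCII "'))
        parts = line.split()
        if parts[0] == "moduleload" and len(parts) > 1:
            loaded.add(MODULE_SUFFIX.sub("", parts[1]))
        elif parts[0] == "overlay" and len(parts) > 1:
            overlays.append((no, parts[1]))
    # An overlay compiled into slapd statically needs no moduleload, so this is
    # a warning; on Debian both ppolicy and smbk5pwd are dynamic modules.
    for no, name in overlays:
        if name not in loaded:
            findings.append((no, f"overlay {name} used but no moduleload for it"))
    return findings


def parse_ldif(ldif):
    """Minimal LDIF reader: one dict of attribute -> [values] per entry.
    Folded lines (starting with a space) are joined to the previous value."""
    entries, current, last = [], {}, None
    for raw in ldif.splitlines() + [""]:    # trailing "" flushes the last entry
        if raw.startswith(" ") and last:
            current[last][-1] += raw[1:]
            continue
        if not raw.strip():
            if current:
                entries.append(current)
            current, last = {}, None
            continue
        attr, _, value = raw.partition(":")
        last = attr.strip()
        current.setdefault(last, []).append(value.strip())
    return entries


def loaded_from_cn_config(ldif):
    """Summarise a cn=config search: loaded modules and overlays per database."""
    modules, overlays = [], {}
    for entry in parse_ldif(ldif):
        classes = entry.get("objectClass", [])
        if "olcModuleList" in classes:
            modules += [ORDER_PREFIX.sub("", v) for v in entry.get("olcModuleLoad", [])]
        elif "olcOverlayConfig" in classes:
            database = entry["dn"][0].split(",", 1)[1]   # drop the olcOverlay RDN
            overlay = ORDER_PREFIX.sub("", entry["olcOverlay"][0])
            overlays.setdefault(database, []).append(overlay)
    return {"modules": modules, "overlays": overlays}


# Constructed sample: the relevant lines of the posted slapd.conf, with the
# typographic quotes around the suffix as they appeared in the post.
SAMPLE_CONF = """\
moduleload back_hdb
moduleload ppolicy.la
moduleload smbk5pwd.la
overlay ppolicy
overlay smbk5pwd
smbk5pwd-enable samba
suffix \u201cdc=test,dc=ch\u201d
rootdn "cn=admin,dc=test,dc=ch"
"""

# Constructed sample (assumed, not captured) of a cn=config search after a clean start.
SAMPLE_LDIF = """\
dn: cn=module{0},cn=config
objectClass: olcModuleList
olcModuleLoad: {0}back_hdb
olcModuleLoad: {1}ppolicy.la
olcModuleLoad: {2}smbk5pwd.la

dn: olcOverlay={0}ppolicy,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
olcOverlay: {0}ppolicy

dn: olcOverlay={1}smbk5pwd,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSmbK5PwdConfig
olcOverlay: {1}smbk5pwd
olcSmbK5PwdEnable: samba
"""

if __name__ == "__main__":
    for no, msg in lint_slapd_conf(SAMPLE_CONF):
        print(f"slapd.conf line {no}: {msg}")
    print(loaded_from_cn_config(SAMPLE_LDIF))
```

To run the second check against a live server, pipe the output of the ldapsearch command from the lead-in into `loaded_from_cn_config()`; a module missing from `olcModuleLoad`, or an overlay missing under the `olcDatabase={1}hdb,cn=config` entry, is the runtime confirmation the question asks for.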