clayrisser / docker-openldap

openldap based on bitnami openldap with ppolicy, password hashing and support for ldif migrations

Using ppolicy and adding pwdMaxAge does not work

zsq1234 opened this issue · comments

Hi, I use this image and load the ppolicy module, then add an object with pwdMaxAge in phpLDAPAdmin, but it does not work for me. The new user looks like:

dn: cn=lisi,ou=policies,dc=univer,dc=ai
cn: lisi
objectclass: inetOrgPerson
objectclass: pwdPolicy
pwdattribute: 2.5.4.35
pwdmaxage: 30
sn: li
uid: lisi
userpassword: {MD5}ICy5YqxZB1uWSwcVLSNLcA==

Make sure you load the module.

LDAP_SCHEMAS=ppolicy

Hi, I use that env:

LDAP_EXTRA_SCHEMAS=cosine,inetorgperson,nis,ppolicy,acls

and can see the 'pwdPolicy' object in phpLDAPAdmin. But using pwdPolicy.pwdMaxAge has no effect. (I use this image in k8s.)

Can you verify the ppolicy module is loaded?

ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config" "(olcModuleLoad=ppolicy*)" 

[screenshot]

Hi, it is not loaded. How can I load it?

I'm sorry, I think the above command is incorrect. Can you try running the following command?

ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config" | grep ppolicy

You should get output similar to the one below.

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
olcModuleLoad: {1}ppolicy
# {5}ppolicy, schema, config
dn: cn={5}ppolicy,cn=schema,cn=config
cn: {5}ppolicy
# {0}ppolicy, {2}mdb, config
dn: olcOverlay={0}ppolicy,olcDatabase={2}mdb,cn=config
olcOverlay: {0}ppolicy
olcPPolicyDefault: cn=default,ou=ppolicy,dc=example,dc=com

Also, what does the following output?

echo $LDAP_SCHEMAS

should be something similar to

misc,ppolicy
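The check described in the reply above, written out as an added example (this is not code from the repository or from the maintainer): it parses the LDIF that `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config -LLL` prints and reports whether the ppolicy module load, the ppolicy schema and a ppolicy overlay on a database are all present, ignoring the X-ORDERED `{n}` prefix and the optional `.la`/`.so` suffix that a literal string comparison would trip over. The two sample dumps, the `cn=module{0}` entry and `dc=example,dc=com` are constructed placeholders modelled on the output shown above, not taken from a real server.

```python
"""Check a cn=config dump for the ppolicy module, schema and overlay.

Usage (added example, not part of the project):
  ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config -LLL | python3 check_ppolicy.py
"""
import base64
import re
import sys

# Constructed sample modelled on the healthy output quoted in the thread.
# DNs and dc=example,dc=com are placeholders. olcPPolicyDefault is folded
# over two lines to exercise LDIF continuation handling.
SAMPLE_OK = """\
dn: cn=module{0},cn=config
objectClass: olcModuleList
olcModuleLoad: {0}back_mdb
olcModuleLoad: {1}ppolicy

dn: cn={5}ppolicy,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {5}ppolicy

dn: olcOverlay={0}ppolicy,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {0}ppolicy
olcPPolicyDefault: cn=default,ou=ppolicy,
 dc=example,dc=com
"""

# Constructed sample for the reporter's situation: schema present,
# but no module load and therefore no overlay.
SAMPLE_MISSING = """\
dn: cn=module{0},cn=config
objectClass: olcModuleList
olcModuleLoad: {0}back_mdb

dn: cn={5}ppolicy,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {5}ppolicy
"""

ORDER_PREFIX = re.compile(r"^\{\d+\}")  # X-ORDERED prefix such as {1}


def parse_ldif(text):
    """Return entries as dicts of lower-cased attribute -> [values].

    Handles folded continuation lines (leading space) and base64 values (::).
    Comment lines and lines without a colon are ignored.
    """
    lines = []
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold continuation line
        else:
            lines.append(raw)
    entries, attrs = [], {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if attrs:
                entries.append(attrs)
            attrs = {}
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):         # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        attrs.setdefault(name.strip().lower(), []).append(value)
    return entries


def check_ppolicy(text):
    """Report which of module, schema and overlay are present in the dump."""
    found = {"module": False, "schema": False, "overlays": [], "default_policy": None}
    for entry in parse_ldif(text):
        dn = entry.get("dn", [""])[0]
        for mod in entry.get("olcmoduleload", []):
            # accept "ppolicy", "ppolicy.la" or "ppolicy.so", with or without {n}
            if re.fullmatch(r"ppolicy(\.(la|so))?", ORDER_PREFIX.sub("", mod)):
                found["module"] = True
        if re.fullmatch(r"cn=(\{\d+\})?ppolicy,cn=schema,cn=config", dn, re.I):
            found["schema"] = True
        for overlay in entry.get("olcoverlay", []):
            if ORDER_PREFIX.sub("", overlay).lower() == "ppolicy":
                found["overlays"].append(dn.partition(",")[2])  # parent olcDatabase
                found["default_policy"] = entry.get("olcppolicydefault", [None])[0]
    return found


def missing(found):
    """List what still has to be configured before pwdMaxAge can take effect."""
    problems = []
    if not found["module"]:
        problems.append("ppolicy module is not loaded (no olcModuleLoad: ppolicy)")
    if not found["schema"]:
        problems.append("ppolicy schema is not loaded under cn=schema,cn=config")
    if not found["overlays"]:
        problems.append("no olcOverlay=ppolicy on any olcDatabase")
    return problems


if __name__ == "__main__":
    dump = "" if sys.stdin.isatty() else sys.stdin.read()
    if not dump.strip():
        dump = SAMPLE_OK                  # demo run when nothing is piped in
    report = check_ppolicy(dump)
    for database in report["overlays"]:
        print(f"ppolicy overlay on {database}, default policy: {report['default_policy']}")
    for problem in missing(report):
        print("MISSING:", problem)
    sys.exit(1 if missing(report) else 0)
```

Run it inside the container as the user that slapd's `ldapi:///` socket maps to the config rootdn (the `SASL username` line in the reply above shows which uid that is); a non-zero exit means at least one of the three pieces is absent, and the messages say which.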

Hi, I get output, but it does not have olcModuleLoad: {1}ppolicy

[screenshot]

And $LDAP_SCHEMAS has misc,ppolicy

[screenshot]

This is the env list in the pod:

KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_SERVICE_PORT=443
LDAP_SERVICE_PORT_LDAP_PORT=389
LDAP_PHPLDAPADMIN_SERVICE_PORT_HTTP=80
LDAP_TLS_CERT_FILE=/opt/bitnami/openldap/certs/tls.crt
HOSTNAME=ldap-0
LDAP_PORT_636_TCP_ADDR=10.43.109.174
LDAP_PHPLDAPADMIN_PORT=tcp://10.43.170.244:80
LDAP_ENABLE_TLS=yes
LDAP_PORT_389_TCP_PORT=389
LDAP_CUSTOM_SCHEMA_DIR=/opt/bitnami/openldap/schemas
LDAP_HASH_PASSWORD=SHA256CRYPT
POD_NAME=ldap-0
LDAP_CUSTOM_LDIF_DIR=/opt/bitnami/openldap/ldifs
LDAP_SERVICE_PORT_SSL_LDAP_PORT=636
LDAP_TLS_CA_FILE=/opt/bitnami/openldap/certs/ca.crt
LDAP_PHPLDAPADMIN_PORT_80_TCP=tcp://10.43.170.244:80
LDAP_LTB_PASSWD_PORT_80_TCP_PORT=80
LDAP_LTB_PASSWD_PORT_80_TCP=tcp://10.43.143.153:80
LDAP_CONFIG_ADMIN_USERNAME=admin
PWD=/
OS_FLAVOUR=debian-11
LDAP_TLS_ENFORCE=false
LDAP_SERVICE_HOST=10.43.109.174
LDAP_SCHEMAS=cosine,inetorgperson,misc,nis,ppolicy
LDAP_PHPLDAPADMIN_SERVICE_PORT=80
LDAP_PHPLDAPADMIN_PORT_80_TCP_PROTO=tcp
LDAP_LTB_PASSWD_PORT_80_TCP_PROTO=tcp
HOME=/
KUBERNETES_PORT_443_TCP=tcp://10.43.0.1:443
LDAP_LTB_PASSWD_SERVICE_PORT=80
LDAP_LTB_PASSWD_SERVICE_PORT_HTTP=80
BITNAMI_DEBUG=true
LDAP_PORT=tcp://10.43.109.174:389
LDAP_SKIP_DEFAULT_TREE=no
LDAP_PORT_389_TCP=tcp://10.43.109.174:389
LDAP_SERVICE_PORT=389
LDAP_PORT_389_TCP_PROTO=tcp
TERM=xterm
LDAP_PHPLDAPADMIN_SERVICE_HOST=10.43.170.244
LDAP_ROOT=dc=univer,dc=ai
SHLVL=1
LDAP_PHPLDAPADMIN_PORT_80_TCP_PORT=80
KUBERNETES_PORT_443_TCP_PROTO=tcp
BITNAMI_APP_NAME=openldap
LDAP_CONFIG_ADMIN_ENABLED=yes
KUBERNETES_PORT_443_TCP_ADDR=10.43.0.1
LDAP_PORT_636_TCP=tcp://10.43.109.174:636
LDAP_TLS_KEY_FILE=/opt/bitnami/openldap/certs/tls.key
LDAP_CONFIG_ADMIN_PASSWORD=123456
APP_VERSION=2.4.57
LDAP_PHPLDAPADMIN_PORT_80_TCP_ADDR=10.43.170.244
LDAP_PORT_636_TCP_PORT=636
LDAP_LOGLEVEL=256
KUBERNETES_SERVICE_HOST=10.43.0.1
KUBERNETES_PORT=tcp://10.43.0.1:443
KUBERNETES_PORT_443_TCP_PORT=443
LDAP_EXTRA_SCHEMAS=cosine,inetorgperson,nis,ppolicy,acls
OS_NAME=linux
PATH=/opt/bitnami/openldap/bin:/opt/bitnami/openldap/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
LDAP_ADMIN_PASSWORD=123456
LDAP_LTB_PASSWD_PORT=tcp://10.43.143.153:80
LDAP_LTB_PASSWD_PORT_80_TCP_ADDR=10.43.143.153
LDAP_ADMIN_USERNAME=admin
LDAP_LTB_PASSWD_SERVICE_HOST=10.43.143.153
LDAP_PORT_389_TCP_ADDR=10.43.109.174
LDAP_CUSTOM_MIGRATIONS_DIR=/opt/bitnami/openldap/migrations
OS_ARCH=amd64
LDAPTLS_REQCERT=never
LDAP_PORT_636_TCP_PROTO=tcp
_=/usr/bin/env

Did you restore or migrate a previous database? Can you try a new deployment and check?