Using ppolicy to add pwdMaxAge does not work
zsq1234 opened this issue · comments
Hi, I use this image, load the ppolicy module, and add an object in phpLDAPAdmin with pwdMaxAge, but it does not work for me. The new user looks like:
dn: cn=lisi,ou=policies,dc=univer,dc=ai
cn: lisi
objectclass: inetOrgPerson
objectclass: pwdPolicy
pwdattribute: 2.5.4.35
pwdmaxage: 30
sn: li
uid: lisi
userpassword: {MD5}ICy5YqxZB1uWSwcVLSNLcA==
Make sure you load the module.
LDAP_SCHEMAS=ppolicy
Hi, I use that env:
LDAP_EXTRA_SCHEMAS=cosine,inetorgperson,nis,ppolicy,acls
and I can see the 'pwdPolicy' object in phpLDAPAdmin. But using pwdPolicy.pwdMaxAge has no effect. (I use this image in k8s.)
Can you verify the ppolicy module is loaded?
ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config" "(olcModuleLoad=ppolicy*)"
I'm sorry, I think the above command is incorrect. Can you try running the following command?
ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config" | grep ppolicy
You should get output similar to the below.
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
olcModuleLoad: {1}ppolicy
# {5}ppolicy, schema, config
dn: cn={5}ppolicy,cn=schema,cn=config
cn: {5}ppolicy
# {0}ppolicy, {2}mdb, config
dn: olcOverlay={0}ppolicy,olcDatabase={2}mdb,cn=config
olcOverlay: {0}ppolicy
olcPPolicyDefault: cn=default,ou=ppolicy,dc=example,dc=com
Also, what does the following output?
echo $LDAP_SCHEMAS
It should be something similar to:
misc,ppolicy
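Added example, not part of the original thread and not the image's own tooling: a shell function that reads the `cn=config` search output on stdin and reports which of the ppolicy pieces shown in the expected output above (module load, schema entry, overlay, default policy DN) are absent. The names `check_ppolicy` and `sample_missing_module` are hypothetical, and the sample LDIF is constructed from the lines quoted in this thread.

```shell
#!/bin/sh
# Added example: verify that the cn=config dump contains every ppolicy
# component, instead of eyeballing `grep ppolicy` output.
# Usage on a live server (command taken from the thread):
#   ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config" | check_ppolicy

check_ppolicy() {
    ldif=$(cat)          # whole LDIF dump from stdin
    missing=""

    # 1. Module loaded into slapd, e.g. "olcModuleLoad: {1}ppolicy"
    printf '%s\n' "$ldif" | grep -Eiq '^olcModuleLoad: (\{[0-9]+\})?ppolicy' \
        || missing="$missing module"

    # 2. Schema entry, e.g. "dn: cn={5}ppolicy,cn=schema,cn=config".
    #    The schema alone only makes pwdPolicy attributes storable.
    printf '%s\n' "$ldif" | grep -Eiq '^dn: cn=(\{[0-9]+\})?ppolicy,cn=schema,cn=config' \
        || missing="$missing schema"

    # 3. Overlay attached to a database, e.g. "olcOverlay: {0}ppolicy"
    printf '%s\n' "$ldif" | grep -Eiq '^olcOverlay: (\{[0-9]+\})?ppolicy' \
        || missing="$missing overlay"

    # 4. Default policy entry configured for the overlay
    printf '%s\n' "$ldif" | grep -Eiq '^olcPPolicyDefault: .+' \
        || missing="$missing default-policy"

    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo "ok"
}

# Constructed sample: the expected output above with the olcModuleLoad
# line removed, matching what the reporter describes.
sample_missing_module() {
    cat <<'EOF'
dn: cn={5}ppolicy,cn=schema,cn=config
cn: {5}ppolicy
dn: olcOverlay={0}ppolicy,olcDatabase={2}mdb,cn=config
olcOverlay: {0}ppolicy
olcPPolicyDefault: cn=default,ou=ppolicy,dc=example,dc=com
EOF
}

sample_missing_module | check_ppolicy || true
```
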
Hi, I get an output, but it does not have olcModuleLoad: {1}ppolicy
And $LDAP_SCHEMAS has misc,ppolicy.
This is the env list in the pod:
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_SERVICE_PORT=443
LDAP_SERVICE_PORT_LDAP_PORT=389
LDAP_PHPLDAPADMIN_SERVICE_PORT_HTTP=80
LDAP_TLS_CERT_FILE=/opt/bitnami/openldap/certs/tls.crt
HOSTNAME=ldap-0
LDAP_PORT_636_TCP_ADDR=10.43.109.174
LDAP_PHPLDAPADMIN_PORT=tcp://10.43.170.244:80
LDAP_ENABLE_TLS=yes
LDAP_PORT_389_TCP_PORT=389
LDAP_CUSTOM_SCHEMA_DIR=/opt/bitnami/openldap/schemas
LDAP_HASH_PASSWORD=SHA256CRYPT
POD_NAME=ldap-0
LDAP_CUSTOM_LDIF_DIR=/opt/bitnami/openldap/ldifs
LDAP_SERVICE_PORT_SSL_LDAP_PORT=636
LDAP_TLS_CA_FILE=/opt/bitnami/openldap/certs/ca.crt
LDAP_PHPLDAPADMIN_PORT_80_TCP=tcp://10.43.170.244:80
LDAP_LTB_PASSWD_PORT_80_TCP_PORT=80
LDAP_LTB_PASSWD_PORT_80_TCP=tcp://10.43.143.153:80
LDAP_CONFIG_ADMIN_USERNAME=admin
PWD=/
OS_FLAVOUR=debian-11
LDAP_TLS_ENFORCE=false
LDAP_SERVICE_HOST=10.43.109.174
LDAP_SCHEMAS=cosine,inetorgperson,misc,nis,ppolicy
LDAP_PHPLDAPADMIN_SERVICE_PORT=80
LDAP_PHPLDAPADMIN_PORT_80_TCP_PROTO=tcp
LDAP_LTB_PASSWD_PORT_80_TCP_PROTO=tcp
HOME=/
KUBERNETES_PORT_443_TCP=tcp://10.43.0.1:443
LDAP_LTB_PASSWD_SERVICE_PORT=80
LDAP_LTB_PASSWD_SERVICE_PORT_HTTP=80
BITNAMI_DEBUG=true
LDAP_PORT=tcp://10.43.109.174:389
LDAP_SKIP_DEFAULT_TREE=no
LDAP_PORT_389_TCP=tcp://10.43.109.174:389
LDAP_SERVICE_PORT=389
LDAP_PORT_389_TCP_PROTO=tcp
TERM=xterm
LDAP_PHPLDAPADMIN_SERVICE_HOST=10.43.170.244
LDAP_ROOT=dc=univer,dc=ai
SHLVL=1
LDAP_PHPLDAPADMIN_PORT_80_TCP_PORT=80
KUBERNETES_PORT_443_TCP_PROTO=tcp
BITNAMI_APP_NAME=openldap
LDAP_CONFIG_ADMIN_ENABLED=yes
KUBERNETES_PORT_443_TCP_ADDR=10.43.0.1
LDAP_PORT_636_TCP=tcp://10.43.109.174:636
LDAP_TLS_KEY_FILE=/opt/bitnami/openldap/certs/tls.key
LDAP_CONFIG_ADMIN_PASSWORD=123456
APP_VERSION=2.4.57
LDAP_PHPLDAPADMIN_PORT_80_TCP_ADDR=10.43.170.244
LDAP_PORT_636_TCP_PORT=636
LDAP_LOGLEVEL=256
KUBERNETES_SERVICE_HOST=10.43.0.1
KUBERNETES_PORT=tcp://10.43.0.1:443
KUBERNETES_PORT_443_TCP_PORT=443
LDAP_EXTRA_SCHEMAS=cosine,inetorgperson,nis,ppolicy,acls
OS_NAME=linux
PATH=/opt/bitnami/openldap/bin:/opt/bitnami/openldap/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
LDAP_ADMIN_PASSWORD=123456
LDAP_LTB_PASSWD_PORT=tcp://10.43.143.153:80
LDAP_LTB_PASSWD_PORT_80_TCP_ADDR=10.43.143.153
LDAP_ADMIN_USERNAME=admin
LDAP_LTB_PASSWD_SERVICE_HOST=10.43.143.153
LDAP_PORT_389_TCP_ADDR=10.43.109.174
LDAP_CUSTOM_MIGRATIONS_DIR=/opt/bitnami/openldap/migrations
OS_ARCH=amd64
LDAPTLS_REQCERT=never
LDAP_PORT_636_TCP_PROTO=tcp
_=/usr/bin/env
Did you restore or migrate a previous database? Can you try a new deployment and check?