I'm going to integrate check_mk's Multisite with OpenLDAP. After configuring the LDAP connector, I get the following error when opening the "Users & Contacts" page:
Error executing sync hook
The "Authentication Expiration" attribute (pwdchangedtime) could not
be fetched from the LDAP server for user {u'cn': [u'noreply']}.
Here are all the steps that I've done to implement the Password Policy Overlay:
Install overlay modules for OpenLDAP server:
yum install openldap-servers-overlays
Add the following lines to /etc/openldap/slapd.conf:
include /etc/openldap/schema/ppolicy.schema
modulepath /usr/lib64/openldap
moduleload ppolicy.la
Then I restart OpenLDAP and try to change the password. I'm sure it's changed successfully, but I don't see the pwdChangedTime attribute when running an ldapsearch:
$ ldapsearch -x -D "cn=Manager,dc=domain,dc=com" -y .passwd.cnf "cn=noreply"
dn: cn=noreply,ou=it,dc=domain,dc=com
cn: noreply
mail: noreply at domain.com
maildrop: noreply at domain.com
sn: No
uid: noreply
objectClass: inetOrgPerson
objectClass: mailUser
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: pwdPolicy
objectClass: pwdPolicyChecker
pwdAttribute: userPassword
pwdMaxAge: 31536000
pwdMinAge: 60
pwdAllowUserChange: TRUE
userPassword: {MD5}xx
Did I miss something?
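
An added example, not part of the original post: a small check that reports whether a slapd.conf only loads the ppolicy module or also attaches the overlay with the `overlay ppolicy` and `ppolicy_default` directives documented in slapo-ppolicy(5). The sample configurations, the `bdb` database section and the policy DN are constructed for illustration, and the check assumes ppolicy is built as a loadable module, as in the post.

```shell
#!/bin/sh
# Added example (not from the original post). Reports how far a slapd.conf
# gets toward an active ppolicy overlay. Assumes ppolicy is built as a module.
ppolicy_conf_status() {
    awk '
        # slapd.conf: "#" lines are comments, leading whitespace continues a line
        /^#/ || /^[ \t]/ { next }
        $1 == "moduleload" && $2 ~ /^ppolicy(\.la|\.so)?$/ { loaded = 1 }
        $1 == "overlay" && $2 == "ppolicy"                  { attached = 1 }
        $1 == "ppolicy_default"                             { has_default = 1 }
        END {
            if (!loaded)           print "module-not-loaded"
            else if (!attached)    print "loaded-but-no-overlay"
            else if (!has_default) print "overlay-without-default-policy"
            else                   print "ok"
        }' "$1"
}

# Constructed sample: the three lines from the post plus a minimal database section.
sample_as_posted() {
    cat <<'EOF'
include    /etc/openldap/schema/ppolicy.schema
modulepath /usr/lib64/openldap
moduleload ppolicy.la
database   bdb
suffix     "dc=domain,dc=com"
EOF
}

# Constructed sample: same file with the overlay attached to the database.
sample_with_overlay() {
    sample_as_posted
    cat <<'EOF'
overlay    ppolicy
# hypothetical DN of a pwdPolicy entry, used when a user has no pwdPolicySubentry
ppolicy_default "cn=default,ou=policies,dc=domain,dc=com"
EOF
}

# Write a sample to a temp file and print its status.
check_sample() {
    tmp=$(mktemp) || return 1
    "$1" > "$tmp"; ppolicy_conf_status "$tmp"; rc=$?
    rm -f "$tmp"; return $rc
}

check_sample sample_as_posted      # loaded-but-no-overlay
check_sample sample_with_overlay   # ok
```

pwdChangedTime is an operational attribute, so ldapsearch returns it only when it is named in the attribute list after the filter or when all operational attributes are requested with `+`.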