0

I'm trying to compile and load LDAP Tool Box Project's password checker module to improve the capabilities of password policy overlay on the Debian 7.8.

Here's what I've done so far:

  • I've installed and configured OpenLDAP & Password Policy Overlay. Everything is working as expected.
  • I've also downloaded and compiled the password checker module from its official sources and built it against Debian's OpenLDAP source.

Package builds correctly and cleanly, but when I try to load it with LDIF or LDAP browser (I've enabled CN=config access), I get the following log:

slapd[2426]: conn=1000 op=14 MOD dn="cn=module{0},cn=config"
slapd[2426]: conn=1000 op=14 MOD attr=olcModuleLoad
slapd[2426]: conn=1000 op=14 RESULT tag=103 err=80 text=<olcModuleLoad> handler exited with 1
slapd[2426]: conn=1000 op=15 SRCH base="cn=module{0},cn=config" scope=0 deref=3 filter="(objectClass=*)"
slapd[2426]: conn=1000 op=15 SRCH attr=*
slapd[2426]: conn=1000 op=15 SEARCH RESULT tag=101 err=0 nentries=1 text=

Update: At last I got a meaningful error message:

slapd[2426]: loaded module check_password
slapd[2426]: module check_password: init_module() failed
slapd[2426]: olcModuleLoad: value #0: <olcModuleLoad> handler exited with 1!
bayindirh
  • 624
  • 1
  • 5
  • 14

1 Answers1

0

I've solved the problem, problem was a case of PEBKAC. In order to use the check_password module, you have to add the check_password.so file to the password policy itself, not to the main list of modules loaded in LDAP server startup. Here how it's done

  1. Compile the package using its Makefile
  2. Copy the file to /usr/lib/ldap
  3. Add pwdPolicyChecker objectClass to the password policy you want to use the password checker module.
  4. Add the attribute pwdCheckModule with the value check_password.so to the policy you want to enhance.
  5. Set the pwdCheckQuality attribute to value 1.

You are all set at this point. Configure the checker to your taste with its configuration file and add the password dictionary to the path that you configured. File locations are dependent on your configuration.

bayindirh
  • 624
  • 1
  • 5
  • 14