[Pkg-openldap-devel] Bug#680049: Bug#680049: Old version of ppolicy.schema included

Quanah Gibson-Mount quanah at zimbra.com
Thu Jul 25 05:08:06 UTC 2013


--On Thursday, July 25, 2013 9:19 AM +1000 Brian May 
<brian at microcomaustralia.com.au> wrote:

> I checked the latest stable release of OpenLDAP I could find.

Not exactly sure what you mean by this either.  The source for OpenLDAP is 
far from hidden:

<http://www.openldap.org/software/download/>

> Oh wait, the supplied ppolicy.schema does have these new definitions, but
> they are commented out. My bad.

No clue what you mean on this either.  The definitions are not commented 
out in either file, and the definitions of all attributes/objectclass are 
identical.

quanah at zre-ldap001:~/src/openldap/openldap-2-4/servers/slapd/schema$ cat ppolicy.ldif | grep -v ^#
dn: cn=ppolicy,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: ppolicy
olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.8.1.1 NAME 'pwdAttribute' EQUALITY
  objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
olcAttributeTypes: {1}( 1.3.6.1.4.1.42.2.27.8.1.2 NAME 'pwdMinAge' EQUALITY in
 tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {2}( 1.3.6.1.4.1.42.2.27.8.1.3 NAME 'pwdMaxAge' EQUALITY in
 tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.4.1.42.2.27.8.1.4 NAME 'pwdInHistory' EQUALITY
  integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {4}( 1.3.6.1.4.1.42.2.27.8.1.5 NAME 'pwdCheckQuality' EQUAL
 ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {5}( 1.3.6.1.4.1.42.2.27.8.1.6 NAME 'pwdMinLength' EQUALITY
  integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {6}( 1.3.6.1.4.1.42.2.27.8.1.7 NAME 'pwdExpireWarning' EQUA
 LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {7}( 1.3.6.1.4.1.42.2.27.8.1.8 NAME 'pwdGraceAuthNLimit' EQ
 UALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {8}( 1.3.6.1.4.1.42.2.27.8.1.9 NAME 'pwdLockout' EQUALITY b
 ooleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {9}( 1.3.6.1.4.1.42.2.27.8.1.10 NAME 'pwdLockoutDuration' E
 QUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {10}( 1.3.6.1.4.1.42.2.27.8.1.11 NAME 'pwdMaxFailure' EQUAL
 ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {11}( 1.3.6.1.4.1.42.2.27.8.1.12 NAME 'pwdFailureCountInter
 val' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE
 )
olcAttributeTypes: {12}( 1.3.6.1.4.1.42.2.27.8.1.13 NAME 'pwdMustChange' EQUAL
 ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {13}( 1.3.6.1.4.1.42.2.27.8.1.14 NAME 'pwdAllowUserChange'
 EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {14}( 1.3.6.1.4.1.42.2.27.8.1.15 NAME 'pwdSafeModify' EQUAL
 ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {15}( 1.3.6.1.4.1.4754.1.99.1 NAME 'pwdCheckModule' DESC 'L
 oadable module that instantiates "check_password() function' EQUALITY caseExa
 ctIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.4.1.4754.2.99.1 NAME 'pwdPolicyChecker' SUP top
  AUXILIARY MAY pwdCheckModule )
olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP top AUXI
 LIARY MUST pwdAttribute MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheck
 Quality $ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout $
  pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $ pwdMustChange
  $ pwdAllowUserChange $ pwdSafeModify ) )


quanah at zre-ldap001:~/src/openldap/openldap-2-4/servers/slapd/schema$ clear;cat ppolicy.schema | grep -v ^#
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.1
      NAME 'pwdAttribute'
      EQUALITY objectIdentifierMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )


attributetype ( 1.3.6.1.4.1.42.2.27.8.1.2
      NAME 'pwdMinAge'
      EQUALITY integerMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
      SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.42.2.27.8.1.3
      NAME 'pwdMaxAge'
      EQUALITY integerMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
      SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.42.2.27.8.1.4
      NAME 'pwdInHistory'
      EQUALITY integerMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
      SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.42.2.27.8.1.5
      NAME 'pwdCheckQuality'
      EQUALITY integerMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
      SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.42.2.27.8.1.6
      NAME 'pwdMinLength'
      EQUALITY integerMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
      SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.42.2.27.8.1.7
      NAME 'pwdExpireWarning'
      EQUALITY integerMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
      SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.42.2.27.8.1.8
      NAME 'pwdGraceAuthNLimit'
      EQUALITY integerMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
      SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.42.2.27.8.1.9
      NAME 'pwdLockout'
      EQUALITY booleanMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
      SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.42.2.27.8.1.10
      NAME 'pwdLockoutDuration'
      EQUALITY integerMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
      SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.42.2.27.8.1.11
      NAME 'pwdMaxFailure'
      EQUALITY integerMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
      SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.42.2.27.8.1.12
      NAME 'pwdFailureCountInterval'
      EQUALITY integerMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
      SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.42.2.27.8.1.13
      NAME 'pwdMustChange'
      EQUALITY booleanMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
      SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.42.2.27.8.1.14
      NAME 'pwdAllowUserChange'
      EQUALITY booleanMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
      SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.42.2.27.8.1.15
      NAME 'pwdSafeModify'
      EQUALITY booleanMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
      SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.4754.1.99.1
     NAME 'pwdCheckModule'
     EQUALITY caseExactIA5Match
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
     DESC 'Loadable module that instantiates "check_password() function'
     SINGLE-VALUE )

objectclass ( 1.3.6.1.4.1.4754.2.99.1
      NAME 'pwdPolicyChecker'
      SUP top
      AUXILIARY
      MAY ( pwdCheckModule ) )

objectclass ( 1.3.6.1.4.1.42.2.27.8.2.1
      NAME 'pwdPolicy'
      SUP top
      AUXILIARY
      MUST ( pwdAttribute )
      MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $
      pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout
      $ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $
      pwdMustChange $ pwdAllowUserChange $ pwdSafeModify ) )


--

Quanah Gibson-Mount
Lead Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration


