Good morning. I have been playing with FDS 1.0.2 for some time, and have been successful in getting the Directory Server to enforce password policy by toggling the "nsslapd-pwpolicy-local" flag to "on", then establishing a local policy for my "ou=People" subtree. This enforcement appears to work only when I change the password for a user through the Fedora Management Console interface when I'm logged in as the Directory Manager (cn=Directory Manager). When I attempt to change the "userPassword" attribute for my test user via perl's Net::LDAP library using the smbldap-tools scripts (smbldap-passwd), smbldap-passwd takes the cleartext of the new password, and hashes it using SSHA. This hashed text (ciphertext) is then used to replace the "userPassword" attribute for the user in a subsequent LDAP bind operation. This process effectively bypasses the password policy defined for the user's subtree. Is there a way (through Perl or Java) to supply the cleartext to the server through SSL/TLS, and have it apply the password policy on the cleartext before the server hashes the cleartext? Regards, Eliot ====================================== Eliot Lebsack Lead Communications Engineer The MITRE Corporation Bedford, MA -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20060726/74558a9e/attachment.html
