Philip Kime wrote:

> I have
>
> pam_lookup_policy yes
>
> and a user-local password policy for one user as a test.
>
> If I try to change the user's password, it updates fine in LDAP but
> doesn't warn me about the policy restrictions (set to min 8 chars but I
> can use 7 no problem, for example).

I'm not sure what PAM is doing here. You can always verify that you are being properly restricted on password syntax by using ldapmodify or ldappasswd from the command line.

> I read that PAM needs anonymous bind access to the
> objectclass=passwordpolicy attrs? I tried that but it made no difference.
> The really odd thing is that the policy object lives in:
>
> cn=nspwpolicycontainer,ou=people,dc=blah,dc=com
>
> but if I ldapsearch on '(objectclass=passwordpolicy)' in the above
> container (or in the whole root DSE for that matter), I find
> nothing, even if I bind as Directory Manager. It's there - I can see
> the object in the GUI.

This entry has objectclass ldapSubEntry, which means it is hidden from normal searches. Try a search filter like (|(objectclass=*)(objectclass=ldapSubEntry)) to see these types of entries + normal entries. This is what the console does automatically, and you can verify this by looking at your access log.

> PK
>
> --
> Philip Kime
> NOPS Systems Architect
> 310 401 0407