[389-users] Password Policy not working fine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi, thanks for you response,

 

We have Fedora-ds 1.2.2  2009.237.2054

 

Platform:

 

Linux zblhp36 2.6.18-8.1.14.el5 #1 SMP Tue Sep 25 11:45:55 EDT 2007 x86_64 x86_64 x86_64 GNU/Linux


In this time we can apply any policies, but is not working "user must change password after reset" and change password later that it exipire

 

This is the error with this ldap.conf:

 

[root at yblhp35 openldap]# cat ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never
#use_sasl on
URI ldap://zblhp36.ml.com/
BASE dc=ml,dc=com
suffix "ou=Infraestructura,ou=Sistemas,ou=Tronador,ou=Argentina"
suffix "ou=Arquitectura,ou=Sistemas,ou=Tronador,ou=Argentina"
#TLS_CACERTDIR /etc/openldap/cacerts
#TLS_CACERT /etc/pki/tls/certs/ca-bundle.crt
TLS_REQCERT allow
bind_policy soft
ssl no
TLS_CACERTDIR /etc/openldap/cacerts
pam_password md5

 

ERROR:

 

WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user testsi.
Enter login(LDAP) password:
LDAP Password incorrect: try again
Enter login(LDAP) password:
New UNIX password:
Retype new UNIX password:

LDAP password information update failed: Server is unwilling to perform user is not allowed to change password

passwd: Permission denied

 

 

And this is the error with this ldap.conf:

 

 

[ahougham at dblvm32 ~]$ cat /etc/ldap.conf
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never
#use_sasl on

HOST 172.16.100.186 172.16.102.49
URI ldaps://172.16.100.186 ldaps://172.16.102.49
BASE dc=ml,dc=com
suffix "ou=Infraestructura,ou=Sistemas,ou=Tronador,ou=Argentina"
suffix "ou=Arquitectura,ou=Sistemas,ou=Tronador,ou=Argentina"
#TLS_CACERTDIR /etc/openldap/cacerts/
#TLS_CACERT /etc/pki/tls/certs/ca-bundle.crt
TLS_REQCERT allow
bind_policy soft
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
uri ldap://zblhp36.ml.com/
base dc=ml,dc=com
# Search the root DSE for the password policy (works
# with Netscape Directory Server)
pam_lookup_policy yes
# Use the OpenLDAP password change
# extended operation to update the password.
pam_password exop


 

WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user testsi.
Enter login(LDAP) password:
New UNIX password:
Retype new UNIX password:
LDAP password information update failed: Confidentiality required Operation requires a secure connection.

 

 

 

Thanks in advance!!!

 

 

Allan

 

 
> Date: Mon, 30 Nov 2009 08:11:51 -0700
> From: rmeggins at redhat.com
> To: fedora-directory-users at redhat.com
> Subject: Re: [389-users] Password Policy not working fine
> 
> Allan Gaston Hougham wrote:
> > Dears,
> > 
> > I have a problem with my passwords policies, I enabled "Enable 
> > fine-grained password policy", I apply this but is not working fine.
> > I followed the steps of Administration Guide pag 364 -
> > 
> > *7.1.1.2. Configuring a Subtree/User Password Policy Using the Console*
> > 
> > But it?s not working, i have that setting any more?
> > Can you help me?
> > 
> What is your platform? What version of directory server? rpm -qi 
> 389-ds-base (or fedora-ds-base)
> > 
> > Thanks a lot in advance!
> > 
> > Allan Hougham
> > 
> >
> > ------------------------------------------------------------------------
> > Internet Explorer 8 especial para MSN - ?Gratis! Descargalo ahora 
> > haciendo clic aqu? 
> > <http://www.ie8.msn.com/microsoft/internet-explorer-8/es-ar/ie8.aspx>
> > ------------------------------------------------------------------------
> >
> > --
> > 389 users mailing list
> > 389-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> > 
> 
> 
 		 	   		  
_________________________________________________________________
Toda la informaci?n que te interesa est? en MSN Noticias. Clic aqu?
http://noticias.latam.msn.com/ar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20091203/dee7a3f9/attachment.html
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux