Allan Gaston Hougham wrote: > Hi, thanks for you response, > > We have Fedora-ds 1.2.2 2009.237.2054 > > Platform: > > Linux zblhp36 2.6.18-8.1.14.el5 #1 SMP Tue Sep 25 11:45:55 EDT 2007 > x86_64 x86_64 x86_64 GNU/Linux > > In this time we can apply any policies, but is not working "user must > change password after reset" and change password later that it exipire > > This is the error with this ldap.conf: > > [root at yblhp35 openldap]# cat ldap.conf > # > # LDAP Defaults > # > # See ldap.conf(5) for details > # This file should be world readable but not world writable. > #BASE dc=example, dc=com > #URI ldap://ldap.example.com ldap://ldap-master.example.com:666 > #SIZELIMIT 12 > #TIMELIMIT 15 > #DEREF never > #use_sasl on > URI ldap://zblhp36.ml.com/ > BASE dc=ml,dc=com > suffix "ou=Infraestructura,ou=Sistemas,ou=Tronador,ou=Argentina" > suffix "ou=Arquitectura,ou=Sistemas,ou=Tronador,ou=Argentina" > #TLS_CACERTDIR /etc/openldap/cacerts > #TLS_CACERT /etc/pki/tls/certs/ca-bundle.crt > TLS_REQCERT allow > bind_policy soft > ssl no > TLS_CACERTDIR /etc/openldap/cacerts > pam_password md5 > > ERROR: > > WARNING: Your password has expired. > You must change your password now and login again! > Changing password for user testsi. > Enter login(LDAP) password: > LDAP Password incorrect: try again > Enter login(LDAP) password: > New UNIX password: > Retype new UNIX password: > LDAP password information update failed: Server is unwilling to > perform user is not allowed to change password > passwd: Permission denied > > > And this is the error with this ldap.conf: > > > [ahougham at dblvm32 ~]$ cat /etc/ldap.conf > # > # See ldap.conf(5) for details > # This file should be world readable but not world writable. > #BASE dc=example, dc=com > #URI ldap://ldap.example.com ldap://ldap-master.example.com:666 > #SIZELIMIT 12 > #TIMELIMIT 15 > #DEREF never > #use_sasl on > HOST 172.16.100.186 172.16.102.49 > URI ldaps://172.16.100.186 ldaps://172.16.102.49 > BASE dc=ml,dc=com > suffix "ou=Infraestructura,ou=Sistemas,ou=Tronador,ou=Argentina" > suffix "ou=Arquitectura,ou=Sistemas,ou=Tronador,ou=Argentina" > #TLS_CACERTDIR /etc/openldap/cacerts/ > #TLS_CACERT /etc/pki/tls/certs/ca-bundle.crt > TLS_REQCERT allow > bind_policy soft > ssl no > tls_cacertdir /etc/openldap/cacerts > pam_password md5 > uri ldap://zblhp36.ml.com/ > base dc=ml,dc=com > # Search the root DSE for the password policy (works > # with Netscape Directory Server) > pam_lookup_policy yes > # Use the OpenLDAP password change > # extended operation to update the password. > pam_password exop > > > WARNING: Your password has expired. > You must change your password now and login again! > Changing password for user testsi. > Enter login(LDAP) password: > New UNIX password: > Retype new UNIX password: > LDAP password information update failed: Confidentiality required > Operation requires a secure connection. > > > > Thanks in advance!!! Does it work if you use the ldappasswd command line tool? > > > Allan > > > > Date: Mon, 30 Nov 2009 08:11:51 -0700 > > From: rmeggins at redhat.com > > To: fedora-directory-users at redhat.com > > Subject: Re: [389-users] Password Policy not working fine > > > > Allan Gaston Hougham wrote: > > > Dears, > > > > > > I have a problem with my passwords policies, I enabled "Enable > > > fine-grained password policy", I apply this but is not working fine. > > > I followed the steps of Administration Guide pag 364 - > > > > > > *7.1.1.2. Configuring a Subtree/User Password Policy Using the > Console* > > > > > > But it?s not working, i have that setting any more? > > > Can you help me? > > > > > What is your platform? What version of directory server? rpm -qi > > 389-ds-base (or fedora-ds-base) > > > > > > Thanks a lot in advance! > > > > > > Allan Hougham > > > > > > > > > > ------------------------------------------------------------------------ > > > Internet Explorer 8 especial para MSN - ?Gratis! Descargalo ahora > > > haciendo clic aqu? > > > <http://www.ie8.msn.com/microsoft/internet-explorer-8/es-ar/ie8.aspx> > > > > ------------------------------------------------------------------------ > > > > > > -- > > > 389 users mailing list > > > 389-users at redhat.com > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > ------------------------------------------------------------------------ > ?Te llegan demasiados emails? Organizate con Hotmail. ?Cre? carpetas > para todos tus correos! <http://mail.live.com/> > ------------------------------------------------------------------------ > > -- > 389 users mailing list > 389-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20091203/ff7186d4/attachment.bin
