Password policy don't work on a subtree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

 

Hi,

 

Hugo ?ti?vant,

 

I believe you configured the sub tree password policy through
ns-newpwpolicy.pl script.

 

When you configure the global password policy it may override the sub tree
password policy. So make sure that 'nsslapd-pwpolicy-local' is 'on' in
cn=config entry of dse.ldif file to make the sub tree policy to work.

 

This attribute decides whether the local password policy is enabled or not.
Anyways the execution of ns-newpwpolicy.pl script will turn this attribute
value to 'on'.

 

However you cannot see any traces of sub tree  Password policy attributes by
searching cn=config tree or in dse.ldif file. It will show only global
password policy attributes.

 

You can see list of applied sub tree password policy attributes by
performing a search like this.

 

/opt/dirsrv/bin/ldapsearch -v -h <host> -p <port> \

-D "<managerDN>" -w <passwd> -b <suffix>  objectclass=ldapsubentry

 

dn:cn="cn=nsPwPolicyEntry,ou=marketing,o=abc.com",cn=nsPwPolicyContainer,ou=
marketing,o=abc.com

objectClass: top

objectClass: ldapsubentry

objectClass: passwordpolicy

cn: cn=nsPwPolicyEntry,ou=marketing,o=abc.com

passwordExp: off

passwordMaxAge: 10

passwordWarning: 15

passwordGraceLimit: 1

pwdpolicysubentry:
cn="cn=nsPwPolicyEntry,ou=marketing,o=abc.com",cn=nsPwPolic

 yContainer,ou=marketing,o=abc.com

 

 

Regards,

ViSolve LDAP Team.

 

 

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Hugo
Etievant
Sent: Wednesday, February 25, 2009 9:41 PM
To: General discussion list for the Fedora Directory server project.
Subject: Password policy don't work on a subtree

 

hello,

 

version : Directory Server 1.1.3 on Fedora 8 64 bits plateform

 

When i configure a password policy on a subtree of my directory, this 

policy do not works.

When i configure a global password policy, this global policy works but 

ignore locals policy of subtrees.

 

when i look at the databases ldif backup, il do not find the 

"passwordMinLength" attribute for local password policy for subtrees

but this attribut exists in dse ldif for the global policy !

 

how resolve this ?

 

regards

 

-- 

* Hugo ?ti?vant *

 

--

Fedora-directory-users mailing list

Fedora-directory-users at redhat.com

https://www.redhat.com/mailman/listinfo/fedora-directory-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20090226/d69b30d0/attachment.html
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux