Visolve LDAP Group wrote: > > > > Hi, > > > > Hugo ?ti?vant, > > > > I believe you configured the sub tree password policy through > ns-newpwpolicy.pl script. > > > > When you configure the global password policy it may override the sub > tree password policy. So make sure that 'nsslapd-pwpolicy-local' is > 'on' in cn=config entry of dse.ldif file to make the sub tree policy > to work. > > > > This attribute decides whether the local password policy is enabled or > not. Anyways the execution of ns-newpwpolicy.pl script will turn this > attribute value to 'on'. > > > > However you cannot see any traces of sub tree Password policy > attributes by searching cn=config tree or in dse.ldif file. It will > show only global password policy attributes. > > > > You can see list of applied *sub tree *password policy *attributes* by > performing a search like this. > > > > /opt/dirsrv/bin/ldapsearch -v -h <host> -p <port> \ > > -D "<managerDN>" -w <passwd> -b <suffix> *objectclass=ldapsubentry* > > > > dn:cn="cn=nsPwPolicyEntry,ou=marketing,o=abc.com",cn=nsPwPolicyContainer,ou=marketing,o=abc.com > > objectClass: top > > objectClass: ldapsubentry > > objectClass: passwordpolicy > > cn: cn=nsPwPolicyEntry,ou=marketing,o=abc.com > > passwordExp: off > > passwordMaxAge: 10 > > passwordWarning: 15 > > passwordGraceLimit: 1 > > pwdpolicysubentry: > cn="cn=nsPwPolicyEntry,ou=marketing,o=abc.com",cn=nsPwPolic > > yContainer,ou=marketing,o=abc.com > If you set a local password policy like this, _it will not use the global settings at all_ - it will not fallback on the global settings in cn=config - you must specify all of the parameters you care about in your local password policy. If you do not, it will fallback on either nothing or the hardcoded default in the server itself. > > > > > > Regards, > > ViSolve LDAP Team. > > > > > > -----Original Message----- > From: fedora-directory-users-bounces at redhat.com > [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Hugo > Etievant > Sent: Wednesday, February 25, 2009 9:41 PM > To: General discussion list for the Fedora Directory server project. > Subject: Password policy don't work on a subtree > > > > hello, > > > > version : Directory Server 1.1.3 on Fedora 8 64 bits plateform > > > > When i configure a password policy on a subtree of my directory, this > > policy do not works. > > When i configure a global password policy, this global policy works but > > ignore locals policy of subtrees. > > > > when i look at the databases ldif backup, il do not find the > > "passwordMinLength" attribute for local password policy for subtrees > > but this attribut exists in dse ldif for the global policy ! > > > > how resolve this ? > > > > regards > > > > -- > > * Hugo ?ti?vant * > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20090226/2d1f224d/attachment.bin
