FDS Password policy and passsync

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



hi,

I  find the explanation of my problem :  unicode char are accepted by 
Windows Server but refused by FDS.
Only 7 bit chars are accepted for userpassword in FDS.

I disabled the "enforce clean 7 bits attribute value" for userPassword 
attribute in the "7 bits plugin" of my DS with the IDM Console.
Now Unicodes password are accepted by FDS and passsync do not fail.

ldapsearch comand line accept unicode password, but some applications 
(Thunderbird) do not accept unicode password !!!!


Have you a solution for me ?
Can i enfore 7 bits clean into Windows server 2003 ????


regards



Hugo Etievant a ?crit :
> hello,
>
> Step 1 :
> A have create a replication agreement betwen a FDS (DS 1.1.3 on Fedora 
> 8) server and a Windows 2003 Server (Active Directory).
> User's passwords are successfully synchronized.
>
> Step 2 :
> I activated password policy in FDS and in AD.
> Password policies are identical.
>
> But some passwords are not synchronized betwen AD and FDS (in this way 
> only).
> error message in log :
>
> 03/12/09 09:49:01: Ldap error in ModifyPassword
>     19: Constraint violation
> 03/12/09 09:49:01: Modify password failed for remote entry: 
> uid=foobar,ou=people,dc=inrp,dc=fr
> 03/12/09 09:49:01: Deferring password change for foobar
>
>
> details of password policy in FDS :
>
> nsslapd-security: on
> nsslapd-auditlog-logging-enabled: on
> nsslapd-errorlog-level: 8192
> nsslapd-pwpolicy-local: on
> passwordMinLength: 8
> passwordMinCategories: 3
> passwordMinTokenLength: 2
> passwordCheckSyntax: on
> passwordMinAlphas: 0
> passwordMinDigits: 0
> passwordMaxAge: 63072000 (secondes = 730 days)
> passwordExp: on
> passwordHistory: on
> passwordWarning: 0
> passwordInHistory: 10
>
> details of password policy in AD (i use "Windows Server 2003 Password 
> Complexity Requirements") :
>
>     * Passwords cannot contain the user's account name or parts of the
>       user's full name that exceed two consecutive characters.
>     * Passwords must be at least 6 characters in length.
>     * Passwords must contain characters from three of the following
>       four categories:
>
>   1.
>       English uppercase characters (A through Z).
>   2.
>       English lowercase characters (a through z).
>   3.
>       Base 10 digits (0 through 9).
>   4.
>       Non-alphabetic characters (for example, !, $, #, %).
>
> password history = 10
> max age : 730 days
> password min len : 8
>
>
>
>
>
> Why some of my users ahve problems (FDS no not accept new Windows 
> password) ?
>
> regards
>
> -- 
> * Hugo ?ti?vant
> *


-- 
* Hugo ?ti?vant *
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20090312/bef7dadb/attachment.html 


[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux