Hi, I realised that I queried wrong DN and correct one is: cn=nsPwPolicyEntry not cn=nsPwTemplateEntry: dn: cn="cn=nsPwPolicyEntry,dc=example",cn=nsPwPolicyContainer,dc=example passwordMustChange: off passwordExp: off passwordMinAge: 0 passwordChange: off passwordStorageScheme: ssha passwordLockout: on passwordLockoutDuration: 1800 passwordResetFailureCount: 1800 passwordUnlock: on passwordMaxFailure: 6 passwordCheckSyntax: on passwordMinLength: 10 passwordMinDigits: 3 It seems that password policy for sub tree doesn't work correctly -- I used console (centos 8.1 directory server) to set it but if I set password policy for server then it works correctly. Is this a known bug? When I activated password lockout for whole server I was able to query user DN and get all password policy related attributes. Moreover login failed when I reach number of failed logins specified by password policy. This didn't happend for password policy activated for sub tree. (via console). I will try to set password policy using ldif files and post my finding here. 2010/9/24 Ondrej Ivani? <ondrej.ivanic at gmail.com>: > When I set password policy for server I can query cn=config and get > password policy definition. When I set password policy for subtree I > can't find any password policy related attributes. > > I tried to search using baseDN which is in 'pwdpolicysubentry' ( > 'cn="cn=nsPwTemplateEntry,dc=example",cn=nsPwPolicyContainer,dc=example' > ) but nothing is there: > dn: cn="cn=nsPwTemplateEntry,dc=example",cn=nsPwPolicyContainer,dc=ex > ?ample > objectClass: extensibleObject > objectClass: costemplate > objectClass: ldapsubentry > objectClass: top > cosPriority: 1 > cn: "cn=nsPwTemplateEntry,dc=example" Thanks, -- Ondrej Ivanic (ondrej.ivanic at gmail.com)
