Hi
we have a need for 389 directory to store password in clear text, in given
subtree. I have used the console to configure password policy and chose
CLEAR for the encryption scheme under passwordStorageScheme, yet the
passwords are still SSHA encrypted. Is there any other thing that I should
do.
# entry-id: 11
dn: cn=users,cn=subscribers,dc=ourcompany,dc=com
objectClass: top
objectClass: nsContainer
cn: users
# entry-id: 14
dn: cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,dc=com
objectClass: nsContainer
objectClass: top
cn: nsPwPolicyContainer
# entry-id: 15
dn:
cn=cn\3DnsPwPolicyEntry\2Ccn\3Dusers\2Ccn\3Dsubscribers\2Cdc\3Dourcompany\2Cdc\
3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,dc=com
objectClass: ldapsubentry
objectClass: passwordpolicy
objectClass: top
cn: cn=nsPwPolicyEntry,cn=users,cn=subscribers,dc=ourcompany,dc=com
passwordMustChange: off
passwordExp: off
passwordHistory: on
passwordMinAge: 0
passwordChange: off
passwordStorageScheme: clear
passwordInHistory: 3
passwordLockout: on
passwordLockoutDuration: 21600
passwordResetFailureCount: 1800
passwordUnlock: on
passwordMaxFailure: 3
# entry-id: 16
dn:
cn=cn\3DnsPwTemplateEntry\2Ccn\3Dusers\2Ccn\3Dsubscribers\2Cdc\3Dourcompany\2Cd
c\3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,dc=com
objectClass: extensibleObject
objectClass: costemplate
objectClass: ldapsubentry
objectClass: top
cosPriority: 1
pwdpolicysubentry:
cn=cn\3DnsPwPolicyEntry\2Ccn\3Dusers\2Ccn\3Dsubscribers\2Cdc\3
Dourcompany\2Cdc\3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany
,dc=com
cn: cn=nsPwTemplateEntry,cn=users,cn=subscribers,dc=ourcompany,dc=com
# entry-id: 17
dn: cn=nsPwPolicy_CoS,cn=users,cn=subscribers,dc=ourcompany,dc=com
objectClass: ldapsubentry
objectClass: cosSuperDefinition
objectClass: cosPointerDefinition
objectClass: top
costemplatedn:
cn=cn\3DnsPwTemplateEntry\2Ccn\3Dusers\2Ccn\3Dsubscribers\2Cdc\3Do
urcompany\2Cdc\3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,d
c=com
cosAttribute: pwdpolicysubentry default operational-default
cn: nsPwPolicy_CoS
# entry-id: 18
dn: uid=testuser,cn=users,cn=subscribers,dc=ourcompany,dc=com
givenName: U-da-man
uidNumber: 501
gidNumber: 501
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: account
objectClass: radiusprofile
uid: testuser
userPassword: {SSHA}HBk8h1pkgsUocxUgPF+HNeuHF1LgYaI99co6Aw==
radiusFramedMTU: 1400
radiusGroupName: local
radiusHuntgroupName: vpn.ourcompany.com
radiusRealm: vpn.ourcompany.com
radiusServiceType: Framed-User
radiusFilterId: std.ppp
passwordGraceUserTime: 0
dialupAccess: yes
There is also an attribute pwdpolicysubentry:
cn=cn\3DnsPwPolicyEntry\2Ccn\3Dusers\2Ccn\3Daccounts\2Cdc\3Dourcompany\2Cdc\3Dcom,cn=nsPwPolicyContainer,cn=users,cn=accounts,dc=ourcompany,dc=com
that shows up in the testuser's profile from the console that does not show
up in the ldif dump.
Please help I have followed the documentation Redhat directory 8.2
thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20101029/96dcd58f/attachment.html
