On 10/29/2010 08:28 AM, Uzor Ide wrote:
>
> Hi
>
> we have a need for 389 directory to store password in clear text, in
> given subtree. I have used the console to configure password policy
> and chose CLEAR for the encryption scheme under passwordStorageScheme,
> yet the passwords are still SSHA encrypted. Is there any other thing
> that I should do.
You need to check the "Enable fine-grained password policies" checkbox
in the global password policy section in the Console.
>
> # entry-id: 11
> dn: cn=users,cn=subscribers,dc=ourcompany,dc=com
> objectClass: top
> objectClass: nsContainer
> cn: users
>
> # entry-id: 14
> dn: cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,dc=com
> objectClass: nsContainer
> objectClass: top
> cn: nsPwPolicyContainer
>
> # entry-id: 15
> dn:
> cn=cn\3DnsPwPolicyEntry\2Ccn\3Dusers\2Ccn\3Dsubscribers\2Cdc\3Dourcompany\2Cdc\
> 3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,dc=com
> objectClass: ldapsubentry
> objectClass: passwordpolicy
> objectClass: top
> cn: cn=nsPwPolicyEntry,cn=users,cn=subscribers,dc=ourcompany,dc=com
> passwordMustChange: off
> passwordExp: off
> passwordHistory: on
> passwordMinAge: 0
> passwordChange: off
> passwordStorageScheme: clear
> passwordInHistory: 3
> passwordLockout: on
> passwordLockoutDuration: 21600
> passwordResetFailureCount: 1800
> passwordUnlock: on
> passwordMaxFailure: 3
>
> # entry-id: 16
> dn:
> cn=cn\3DnsPwTemplateEntry\2Ccn\3Dusers\2Ccn\3Dsubscribers\2Cdc\3Dourcompany\2Cd
> c\3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,dc=com
> objectClass: extensibleObject
> objectClass: costemplate
> objectClass: ldapsubentry
> objectClass: top
> cosPriority: 1
> pwdpolicysubentry:
> cn=cn\3DnsPwPolicyEntry\2Ccn\3Dusers\2Ccn\3Dsubscribers\2Cdc\3
> Dourcompany\2Cdc\3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany
> ,dc=com
> cn: cn=nsPwTemplateEntry,cn=users,cn=subscribers,dc=ourcompany,dc=com
>
> # entry-id: 17
> dn: cn=nsPwPolicy_CoS,cn=users,cn=subscribers,dc=ourcompany,dc=com
> objectClass: ldapsubentry
> objectClass: cosSuperDefinition
> objectClass: cosPointerDefinition
> objectClass: top
> costemplatedn:
> cn=cn\3DnsPwTemplateEntry\2Ccn\3Dusers\2Ccn\3Dsubscribers\2Cdc\3Do
> urcompany\2Cdc\3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,d
> c=com
> cosAttribute: pwdpolicysubentry default operational-default
> cn: nsPwPolicy_CoS
>
> # entry-id: 18
> dn: uid=testuser,cn=users,cn=subscribers,dc=ourcompany,dc=com
> givenName: U-da-man
> uidNumber: 501
> gidNumber: 501
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetorgperson
> objectClass: account
> objectClass: radiusprofile
> uid: testuser
> userPassword: {SSHA}HBk8h1pkgsUocxUgPF+HNeuHF1LgYaI99co6Aw==
> radiusFramedMTU: 1400
> radiusGroupName: local
> radiusHuntgroupName: vpn.ourcompany.com <http://vpn.ourcompany.com>
> radiusRealm: vpn.ourcompany.com <http://vpn.ourcompany.com>
> radiusServiceType: Framed-User
> radiusFilterId: std.ppp
> passwordGraceUserTime: 0
> dialupAccess: yes
>
> There is also an attribute pwdpolicysubentry:
> cn=cn\3DnsPwPolicyEntry\2Ccn\3Dusers\2Ccn\3Daccounts\2Cdc\3Dourcompany\2Cdc\3Dcom,cn=nsPwPolicyContainer,cn=users,cn=accounts,dc=ourcompany,dc=com
>
> that shows up in the testuser's profile from the console that does not
> show up in the ldif dump.
>
> Please help I have followed the documentation Redhat directory 8.2
>
> thanks
>
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20101029/3bdcbb7a/attachment-0001.html
