On 01/07/2011 06:06 PM, harry.devine at faa.gov wrote:
> 0

Looks like a bug. Because we now use strict GeneralizedTime syntax with checking, you cannot input that value any more. I suppose you could set it to the current time instead.

>
> Harry
>
> Harry Devine
> Common ARTS Software Development
> AJT-144
> (609)485-4218
> Harry.Devine at faa.gov
>
> -----Rich Megginson <rmeggins at redhat.com> wrote: -----
>
> To: Harry Devine/ACT/FAA at FAA
> From: Rich Megginson <rmeggins at redhat.com>
> Date: 01/07/2011 04:31PM
> cc: "General discussion list for the 389 Directory server project." <389-users at lists.fedoraproject.org>, Ted Rush/ACT/FAA at FAA
> Subject: Re: Resetting user passwords
>
> On 01/07/2011 02:22 PM, harry.devine at faa.gov wrote:
>>
>> Won't let me do it. I get the following error:
>>
>> Cannot save to directory server:
>> netscape.ldap.LDAPException: error result(21);
>> passwordExpirationTime: value #0 invalid per syntax; Invalid Syntax.
> What value did you use?
>>
>> Thanks,
>> Harry
>>
>> From: Rich Megginson <rmeggins at redhat.com>
>> To: Harry Devine/ACT/FAA at FAA
>> Cc: "General discussion list for the 389 Directory server project." <389-users at lists.fedoraproject.org>, Ted Rush/ACT/FAA at FAA
>> Date: 01/07/2011 04:10 PM
>> Subject: Re: Resetting user passwords
>>
>> On 01/07/2011 01:51 PM, harry.devine at faa.gov wrote:
>>
>> In the Directory Server GUI, under the Configuration tab, I have:
>>
>> Passwords:
>>   Enable fine-grained password policy (checked)
>> User Password Change:
>>   User must change password after reset (checked)
>>   User may change password (checked)
>>   Allow changes in 2 days
>>   Keep password history: Remember 5 passwords
>> Password expiration:
>>   Password expires after 90 days
>>   Send warning 10 days before password expires
>>   Allow up to 1 login attempt(s) after password expires
>> Password syntax:
>>   Check password syntax (unchecked)
>> Password Encryption: SSHA
>> Account Lockout:
>>   Accounts may be locked out (checked)
>>   Password lockout
>>   Lockout account after 3 login failures
>>   Reset failure count after 10 minutes
>>   Lockout duration 30 minutes
>>
>> In the Directory tab, I right-click on People, then select
>> "Manage Password Policy" -> For subtree:
>>
>> Passwords:
>>   Fine-grained subtree policy enabled (checked)
>> User Password Change:
>>   User must change password after reset (checked)
>>   User may change password (checked)
>>   Allow changes in 2 days
>>   Keep password history: Remember 5 passwords
>> Password expiration:
>>   Password expires after 90 days
>>   Send warning 10 days before password expires
>>   Allow up to 1 login attempt(s) after password expires
>> Password syntax:
>>   Check password syntax (unchecked)
>> Password Encryption: SSHA
>> Account Lockout:
>>   Accounts may be locked out (checked)
>>   Password lockout
>>   Lockout account after 3 login failures
>>   Reset failure count after 10 minutes
>>   Lockout duration 30 minutes
>>
>> I don't have any specific user password policy at this time.
>> When I modify a user's password, I can log in from another PC
>> via SSH as that user using the changed password, but I'm never
>> told it has to be changed.
>>
>> In the user's entry, when changing the password, also change the
>> attribute passwordExpirationTime to 0. This should trigger the
>> reset password code. Note that the attribute
>> passwordExpirationTime is an operational attribute.
>>
>> Thanks,
>> Harry
>>
>> From: Rich Megginson <rmeggins at redhat.com>
>> To: Harry Devine/ACT/FAA at FAA
>> Cc: "General discussion list for the 389 Directory server project." <389-users at lists.fedoraproject.org>, Ted Rush/ACT/FAA at FAA
>> Date: 01/07/2011 03:37 PM
>> Subject: Re: Resetting user passwords
>>
>> On 01/07/2011 01:23 PM, harry.devine at faa.gov wrote:
>>
>> Nope. Didn't work. I edited the entry, put in another password,
>> then login using the new password and never get prompted to
>> change it. I saw something online here:
>> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/User_Account_Management.html#Managing_the_Password_Policy-Setting_User_Passwords.
>> Section 13.1.1.5 says something about a bug in Directory Server.
>>
>> Are you using per-user/per-subtree (i.e. Fine-Grained) password
>> policy? If not, then that section does not apply.
>>
>> Can you post all of your password policy configuration?
>>
>> Is that something that I should follow or is that doc outdated?
>>
>> Thanks,
>> Harry
>>
>> From: Rich Megginson <rmeggins at redhat.com>
>> To: "General discussion list for the 389 Directory server project." <389-users at lists.fedoraproject.org>
>> Cc: Harry Devine/ACT/FAA at FAA, Ted Rush/ACT/FAA at FAA
>> Date: 01/07/2011 03:12 PM
>> Subject: Re: Resetting user passwords
>>
>> On 01/07/2011 01:02 PM, harry.devine at faa.gov wrote:
>>
>> In my 389-ds setup, I have a password policy in place where the
>> user must change their password after a reset, they are allowed
>> to change their password, and it expires after 90 days. However,
>> I cannot find where the Directory Manager can actually RESET a
>> user's password. The docs are very vague in this area IMO, so
>> I'm sure I overlooked it.
>>
>> Not sure, but you may be able to login as directory manager, edit
>> the user's entry, and change the password to some bogus value.
>>
>> Where do I go in the console to reset a particular user's
>> password so they will be prompted to change it when they log in
>> again?
>>
>> Thanks,
>> Harry
>>
>> --
>> 389 users mailing list
>> 389-users at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
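
An added example, not part of the original thread or of the 389 Directory Server code: a validator that follows the RFC 4517 GeneralizedTime grammar, showing why the value 0 is rejected under strict syntax checking, plus an LDIF modify record that sets passwordExpirationTime to the current time as suggested in the reply above. The helper names, the sample DN and the sample password are hypothetical, and the server's own checker may differ in detail.

```python
import base64
import re
from datetime import datetime, timezone

# RFC 4517 GeneralizedTime: YYYYMMDDHH[MM[SS]][(.|,)fraction](Z|+-HH[MM])
_GT = re.compile(
    r"(\d{4})(\d{2})(\d{2})(\d{2})(?:(\d{2})(\d{2})?)?"
    r"(?:[.,]\d+)?(?:Z|[+-](\d{2})(\d{2})?)"
)

def is_generalized_time(value: str) -> bool:
    """True if value is a well-formed GeneralizedTime with in-range fields."""
    m = _GT.fullmatch(value)
    if not m:
        return False
    year, month, day, hour, minute, second, tz_h, tz_m = (
        int(g) if g is not None else 0 for g in m.groups()
    )
    try:
        datetime(year, month, day)  # rejects Feb 31, month 13, year 0000
    except ValueError:
        return False
    # second == 60 is the leap second the grammar allows
    return (hour <= 23 and minute <= 59 and second <= 60
            and tz_h <= 23 and tz_m <= 59)

def to_generalized_time(when: datetime) -> str:
    """Format an aware datetime as UTC GeneralizedTime."""
    if when.tzinfo is None:
        raise ValueError("naive datetime: time zone is required")
    return when.astimezone(timezone.utc).strftime("%Y%m%d%H%M%SZ")

def reset_ldif(dn: str, temp_password: str, when: datetime) -> str:
    """Build an LDIF modify replacing the password and the expiration time."""
    stamp = to_generalized_time(when)
    if not is_generalized_time(stamp):
        raise ValueError(f"refusing to emit invalid timestamp {stamp!r}")
    # Base64 ("::") keeps passwords with spaces, colons or non-ASCII intact.
    pw = base64.b64encode(temp_password.encode("utf-8")).decode("ascii")
    return "\n".join([
        f"dn: {dn}", "changetype: modify",
        "replace: userPassword", f"userPassword:: {pw}", "-",
        "replace: passwordExpirationTime",
        f"passwordExpirationTime: {stamp}", "",
    ])

if __name__ == "__main__":
    # Constructed sample entry and password, not values from the thread.
    print(reset_ldif("uid=jdoe,ou=People,dc=example,dc=com",
                     "Temp-Pass: 1", datetime.now(timezone.utc)))
```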