problems with password policies

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Either I'm missing something or password policies just don't work in Redhat (CentOS) directory 8.2.8.

I started by creating a subtree policy on the command line:

# ./ns-newpwpolicy.pl -D cn=directory\ manager -w pass -h localhost -S ou=students,dc=domain,dc=org
adding new entry cn=nsPwPolicyContainer,ou=students,dc=domain,dc=org

adding new entry cn=cn=nsPwPolicyEntry\,ou=students\,dc=domain\,dc=org,cn=nsPwPolicyContainer,ou=students,dc=domain,dc=org

adding new entry cn=cn=nsPwTemplateEntry\,ou=students\,dc=domain\,dc=org,cn=nsPwPolicyContainer,ou=students,dc=domain,dc=org

adding new entry cn=nsPwPolicy_cos,ou=students,dc=domain,dc=org

modifying entry cn=config



The following were created:

dn: cn=nsPwPolicyContainer,ou=students,dc=domain,dc=org
objectClass: top
objectClass: nsContainer
cn: nsPwPolicyContainer

dn: cn=cn=nsPwTemplateEntry\2Cou=students\2Cdc=domain\2Cdc=org,cn=nsPwPolicyC
 ontainer,ou=students,dc=domain,dc=org
objectClass: top
objectClass: extensibleObject
objectClass: costemplate
objectClass: ldapsubentry
cosPriority: 1
cn: cn=nsPwTemplateEntry,ou=students,dc=domain,dc=org

dn: cn=nsPwPolicy_cos,ou=students,dc=domain,dc=org
objectClass: top
objectClass: LDAPsubentry
objectClass: cosSuperDefinition
objectClass: cosPointerDefinition
costemplatedn: cn=cn=nsPwTemplateEntry\2Cou=students\2Cdc=domain\2Cdc=org,cn=
 nsPwPolicyContainer,ou=students,dc=domain,dc=org
cosAttribute: pwdpolicysubentry default operational-default
cn: nsPwPolicy_cos

dn: cn=cn=nsPwPolicyEntry\2Cou=students\2Cdc=domain\2Cdc=org,cn=nsPwPolicyCon
 tainer,ou=students,dc=domain,dc=org
objectClass: top
objectClass: ldapsubentry
objectClass: passwordpolicy
cn: cn=nsPwPolicyEntry,ou=students,dc=domain,dc=org




I added the policy attributes we're interested in:

dn: cn=cn=nsPwPolicyEntry\2Cou=students\2Cdc=domain\2Cdc=org,cn=nsPwPolicyCon
 tainer,ou=students,dc=domain,dc=org
passwordResetFailureCount: 600
passwordMaxFailure: 10
passwordLockout: on
passwordMinLength: 6
objectClass: top
objectClass: ldapsubentry
objectClass: passwordpolicy
cn: cn=nsPwPolicyEntry,ou=students,dc=domain,dc=org



I then tried 11 ldapsearches as a user under ou=students,dc=domain,dc=org and the account was not locked out.



I then checked the console and the settings weren't there.  I set them and it added two additional entries:

dn: cn=cn\3DnsPwPolicyEntry\2Cou\3Dstudents\2Cdc\3Ddomain\2Cdc\3Dorg,cn=nsPwP
 olicyContainer,ou=students,dc=domain,dc=org
passwordMaxFailure: 10
passwordResetFailureCount: 600
passwordLockout: on
passwordStorageScheme: ssha
passwordCheckSyntax: on
passwordChange: off
passwordMinAge: 0
passwordExp: off
passwordMustChange: off
passwordMinLength: 6
objectClass: ldapsubentry
objectClass: passwordpolicy
objectClass: top
cn: cn=nsPwPolicyEntry,ou=students,dc=domain,dc=org

dn: cn=cn\3DnsPwTemplateEntry\2Cou\3Dstudents\2Cdc\3Ddomain\2Cdc\3Dorg,cn=nsP
 wPolicyContainer,ou=students,dc=domain,dc=org
objectClass: extensibleObject
objectClass: costemplate
objectClass: ldapsubentry
objectClass: top
cosPriority: 1
cn: cn=nsPwTemplateEntry,ou=students,dc=domain,dc=org


However I still can't force a user to be locked out.

I did set passwordIsGlobalPolicy to on under cn=config though as far as I can tell that only affects replication of password policies.

Am I missing something?

thanks,

-morgan
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users





[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux