Hi, I had another run at this recently and tracked it down to this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1139637 We were using the rpm package from the copr repo on CentOS6, we downgraded to the latest 389-ds-base package included in CentOS, and password expiration is working now. Have a nice day, Paul On 2014-09-19 18:25, Mark Reynolds wrote: > > On 09/19/2014 12:16 PM, Paul Tobias wrote: >> Hi guys, >> >> We need to implement password expiration because of some policy. The >> problem is users are not able to bind to ldap anymore, after I switch on >> password expiration for our ou=People subtree . The ldap command line >> tools and 389-console both just hang forever when trying to connect. >> This happens even when the user changes the password right before >> switching on the password expiration so the password cannot be expired >> yet. When I use the wrong password, then I get "ldap_bind: Invalid >> credentials (49)", but when I use the correct password, then it's just a >> hang. If I switch off password expiration then everything returns to >> normal again. I've followed the guide at >> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/User_Account_Management.html#Configuring_the_Password_Policy-Configuring_a_SubtreeUser_Password_Policy_Using_the_Console > Hi Paul, > > Password expiration does work. What exactly are you setting? Could you > enable the audit log, make your password configuration changes, and then > post the log? > > Thanks, > Mark > >> >> I've tried both 389ds 1.2.11.32 on CentOS 6 and 389ds 1.3.2.23 on Fedora >> 20 with the same results. >> >> Is password expiration working in 389ds at all? >> >> Thanks in advance, >> Paul Tobias >> -- >> 389 users mailing list >> 389-users@xxxxxxxxxxxxxxxxxxxxxxx >> https://admin.fedoraproject.org/mailman/listinfo/389-users > > -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
