Hi, and thanks again.
I took a look on the 389DS's console, in configuration -> Data -> Passwords, and there is no special configuration
Enable fine-grained password policy is : Disabled
in User password change :
User may change password is : Enbaled
Allow changes in = 0 days
keep password history is : Disabled
Password never expire : Enabled
Password syntax : Disabled
Password Encryption is SSHA.
Another thing : I tried to use ldappasswd command (from the mail server) with the user credentials, and it worked even with simple passwords:
ldappasswd -H ldap://idm01.example.com -x -D "uid=nagios,ou=people,dc=example,dc=com" -w nagios2016 -a nagios2016 -s azertyu7 -v -Z
ldap_initialize( ldap://idm01.example.com:389/??base )
Result: Success (0)
Result: Success (0)
Regards.
2016-04-12 12:39 GMT+01:00 Ludwig Krispenz <lkrispen@xxxxxxxxxx>:
Hi,
I was not talking about access control, but about password policy - quality of passwords, reuse, expiration, when it can be changed ...
Please read:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/User_Account_Management.html#User_Account_Management-Managing_the_Password_Policy
On 04/12/2016 12:35 PM, wodel youchi wrote:
Hi, and thanks
But as I understand, there is and AC created for ou=people,dc=example,dc=com called "Allow self entry modification" and userPassword attribute is selected for write.is there another AC that supersedes this one?
Regards.
2016-04-12 11:19 GMT+01:00 Ludwig Krispenz <lkrispen@xxxxxxxxxx>:
On 04/12/2016 11:50 AM, wodel youchi wrote:
changing th pw as user, you probably violate the password policyPS : tls is enabled.In the error log of 389DS, I didn't find any useful error message.the second one worked.Hi,the first one, didn't work for me, I get in the horde log : could not replace userPassword attribute, LDAP server : constraint violation.
I am trying to make horde's module passwd let users change their passwords.
In the configuration file of the moduke there are two options for ldap :
- ldap : this option uses the users credentials to modify the password (the user change his password with his credentials).
- ldapadmin : this option uses the admin, such as the Directory Manager to modify the user's password.
any idea?
Regards.
-- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
-- Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill
--
389 users mailing list
389-users@%(host_name)s
http://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
-- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
-- Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill
--
389 users mailing list
389-users@%(host_name)s
http://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
-- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
