Re: subtree password policy woes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> On May 19, 2016, at 19:04, William Brown <wibrown@xxxxxxxxxx> wrote:
> 
> It would be good to get a look at the object that is affected here. Can you show me: pwdpolicysubentry from the affected user
> entry? 
> 
> Then can you also show the contents of the dn listed by that pwdpolicysubentry?
> 
> 
> Is there anything in your error logs that looks suspicious? 



William,

I believe this is what you’re looking for:

dn: cn=cn\3DnsPwPolicyEntry\2Cou\3Demployees\2Cdc\3Ddomain\2Cdc\3Dorg,cn=nsPw
 PolicyContainer,ou=employees,dc=domain,dc=org
objectClass: ldapsubentry
objectClass: passwordpolicy
objectClass: top
cn: cn=nsPwPolicyEntry,ou=employees,dc=domain,dc=org
passwordMustChange: off
passwordExp: off
passwordMinAge: 0
passwordChange: off
passwordCheckSyntax: on
passwordStorageScheme: ssha
passwordMaxRepeats: 0
passwordMinLength: 8
passwordMinAlphas: 0
passwordMinDigits: 0
passwordMinSpecials: 0
passwordMinLowers: 0
passwordMinCategories: 2
passwordMinUppers: 0
passwordMinTokenLength: 2
passwordMin8bit: 0



Here are some examples of setting passwords to shorter than 8 characters with corresponding logs.  There is nothing (new) in errors:


[root@devldapm03 slapd-devldapm03]# ldapmodify -h localhost -D cn=directory\ manager -w pass
dn: uid=morgan,ou=employees,dc=domain,dc=org
changetype: modify 
replace: userpassword
userpassword: 12345

modifying entry “uid=morgan,ou=employees,dc=domain,dc=org"

[root@devldapm03 slapd-devldapm03]#


[20/May/2016:18:16:42 -0400] conn=16 fd=68 slot=68 connection from 127.0.0.1 to 127.0.0.1
[20/May/2016:18:16:42 -0400] conn=16 op=0 BIND dn="cn=directory manager" method=128 version=3
[20/May/2016:18:16:42 -0400] conn=16 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[20/May/2016:18:17:05 -0400] conn=16 op=1 MOD dn="uid=morgan,ou=employees,dc=domain,dc=org"
[20/May/2016:18:17:05 -0400] conn=16 op=1 RESULT err=0 tag=103 nentries=0 etime=0domain





[root@devldapm03 slapd-devldapm03]# ldapmodify -h localhost -D uid=morgan,ou=employees,dc=domain,dc=org -w pass
dn: uid=morgan,ou=employees,dc=domain,dc=org
changetype: modify
replace: userpassword
userpassword: 123

modifying entry "uid=morgan,ou=employees,dc=domain,dc=org"
[root@devldapm03 slapd-devldapm03]#


[20/May/2016:18:26:29 -0400] conn=29 fd=68 slot=68 connection from 127.0.0.1 to 127.0.0.1
[20/May/2016:18:26:29 -0400] conn=29 op=0 BIND dn="uid=morgan,ou=employees,dc=domain,dc=org" method=128 version=3
[20/May/2016:18:26:29 -0400] conn=29 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=morgan,ou=employees,dc=domain,dc=org"
[20/May/2016:18:26:51 -0400] conn=29 op=1 MOD dn="uid=morgan,ou=employees,dc=domain,dc=org"
[20/May/2016:18:26:51 -0400] conn=29 op=1 RESULT err=0 tag=103 nentries=0 etime=0


thanks,

-morgan




--
389-users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux