Re: subtree password policy woes

Morgan Jones <morgan@xxxxxxxxxxxxxxx> · Tue, 31 May 2016 15:14:15 -0400

William,

nsslapd-pwpolicy-local was indeed not set however setting it doesn’t make a difference.  See below for details.

Thanks for the help with this.

thanks,

-morgan

larry:~ morgan$ ldapsearch -LLL -x -w pass -H ldap://devldapm03.domain.net -D cn=directory\ manager -b cn=config -s base objectclass=\* nsslapd-pwpolicy-local
dn: cn=config
nsslapd-pwpolicy-local: off

larry:~ morgan$ ldapmodify  -x -w pass -H ldap://devldapm03.domain.net -D cn=directory\ manager
dn: uid=morgan,ou=employees,dc=domain,dc=org
changetype: modify
replace: userpassword
userpassword: 123

modifying entry "uid=morgan,ou=employees,dc=domain,dc=org"

larry:~ morgan$ ldapsearch -LLL -x -w pass -H ldap://devldapm03.domain.net -D cn=directory\ manager -b cn=config -s base objectclass=\* nsslapd-pwpolicy-local
dn: cn=config
nsslapd-pwpolicy-local: off

larry:~ morgan$ ldapmodify  -x -w pass -H ldap://devldapm03.domain.net -D cn=directory\ manager
dn: cn=config 
changetype: modify
replace: nsslapd-pwpolicy-local
nsslapd-pwpolicy-local: on

modifying entry "cn=config"

dn: uid=morgan,ou=employees,dc=domain,dc=org
changetype: modify
replace: userpassword
userpassword: 1234

modifying entry "uid=morgan,ou=employees,dc=domain,dc=org"

larry:~ morgan$ ldapsearch -LLL -x -w pass -H ldap://devldapm03.domain.net -D cn=directory\ manager -b cn=config -s base objectclass=\* nsslapd-pwpolicy-local
dn: cn=config
nsslapd-pwpolicy-local: on

larry:~ morgan$

> On May 29, 2016, at 23:04, William Brown <wibrown@xxxxxxxxxx> wrote:
> 
> On Mon, 2016-05-23 at 11:52 -0400, Morgan Jones wrote:
>> Hello William,
>> 
>> Is this what you’re looking for?  I’ve included the full entry below but it appears pwdPolicySubentry is operational.
>> 
> 
> 
> Hi,
> 
> Sorry to have taken so long.
> 
> Can you check:
> 
> cn=config
> nsslapd-pwpolicy-local: on
> 
> Without that setting, the fine grained password policy won't work,
> 
> Thanks,
> -- 
> Sincerely,
> 
> William Brown
> Software Engineer
> Red Hat, Brisbane
> 
> --
> 389-users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
--
389-users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx