Hello, I’m just checking in on this. Is no one using subtree based password policies in 389 directory? -morgan > On May 31, 2016, at 15:14, Morgan Jones <morgan@xxxxxxxxxxxxxxx> wrote: > > William, > > nsslapd-pwpolicy-local was indeed not set however setting it doesn’t make a difference. See below for details. > > Thanks for the help with this. > > thanks, > > -morgan > > > > > > > > > > larry:~ morgan$ ldapsearch -LLL -x -w pass -H ldap://devldapm03.domain.net -D cn=directory\ manager -b cn=config -s base objectclass=\* nsslapd-pwpolicy-local > dn: cn=config > nsslapd-pwpolicy-local: off > > larry:~ morgan$ ldapmodify -x -w pass -H ldap://devldapm03.domain.net -D cn=directory\ manager > dn: uid=morgan,ou=employees,dc=domain,dc=org > changetype: modify > replace: userpassword > userpassword: 123 > > modifying entry "uid=morgan,ou=employees,dc=domain,dc=org" > > larry:~ morgan$ ldapsearch -LLL -x -w pass -H ldap://devldapm03.domain.net -D cn=directory\ manager -b cn=config -s base objectclass=\* nsslapd-pwpolicy-local > dn: cn=config > nsslapd-pwpolicy-local: off > > larry:~ morgan$ ldapmodify -x -w pass -H ldap://devldapm03.domain.net -D cn=directory\ manager > dn: cn=config > changetype: modify > replace: nsslapd-pwpolicy-local > nsslapd-pwpolicy-local: on > > modifying entry "cn=config" > > dn: uid=morgan,ou=employees,dc=domain,dc=org > changetype: modify > replace: userpassword > userpassword: 1234 > > modifying entry "uid=morgan,ou=employees,dc=domain,dc=org" > > larry:~ morgan$ ldapsearch -LLL -x -w pass -H ldap://devldapm03.domain.net -D cn=directory\ manager -b cn=config -s base objectclass=\* nsslapd-pwpolicy-local > dn: cn=config > nsslapd-pwpolicy-local: on > > larry:~ morgan$ > > > > >> On May 29, 2016, at 23:04, William Brown <wibrown@xxxxxxxxxx> wrote: >> >> On Mon, 2016-05-23 at 11:52 -0400, Morgan Jones wrote: >>> Hello William, >>> >>> Is this what you’re looking for? I’ve included the full entry below but it appears pwdPolicySubentry is operational. >>> >> >> >> Hi, >> >> Sorry to have taken so long. >> >> Can you check: >> >> cn=config >> nsslapd-pwpolicy-local: on >> >> Without that setting, the fine grained password policy won't work, >> >> Thanks, >> -- >> Sincerely, >> >> William Brown >> Software Engineer >> Red Hat, Brisbane >> >> -- >> 389-users mailing list >> 389-users@xxxxxxxxxxxxxxxxxxxxxxx >> https://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx > -- > 389-users mailing list > 389-users@xxxxxxxxxxxxxxxxxxxxxxx > https://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx -- 389-users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
