Re: Password expiration doubts

Mark,

Thanks, I will try it.

One more question: what about changing the password through the winsync plugin?

On Tue, Oct 25, 2016 at 1:21 PM, Mark Reynolds <mareynol@xxxxxxxxxx> wrote:


On 10/25/2016 11:10 AM, Mark Reynolds wrote:


On 10/25/2016 10:37 AM, Alberto Viana wrote:
Hello,

Version
389-Directory/1.3.4.11 B2016.182.1718

I'm trying to implement a password expiration policy with no success. I've changed my config:

dn: cn=config
changetype: modify
replace: passwordExp
passwordExp: on
-
replace: passwordMaxAge
passwordMaxAge: 120


But after that I'm still able to bind with my (or any) user in 389.

Am I missing something? Also, what attribute does 389 use to control that? I could not see any attribute in my user related to that.

Additionally, make sure "passwordChange: on" is set in cn=config (so users can change their passwords).

After setting this you must change the password in the entry (this sets the passwordexpirationtime operational attribute in the entry).
I forgot to mention that you MUST change the password as the user, not "directory manager" or some admin account.  Changing the password as directory manager will not set the passwordexpirationtime operational attribute in the entry (as Directory Manager bypasses password policy).
Then the expiration time will be enforced on future logins for that entry.  These settings do not work retroactively.

Hope this helps,
Mark


_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
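
An added example, not part of the original thread: a small audit that flags entries where expiration is not yet enforced because no passwordExpirationTime has been set, as described in the reply above. It assumes an LDIF export in which the operational attribute was requested by name, with unfolded lines and UTC timestamps of the form YYYYMMDDHHMMSSZ; the DNs and timestamps are constructed sample data.

```python
from datetime import datetime, timezone

# Constructed sample: shape of an LDIF export where the operational attribute
# passwordExpirationTime was requested explicitly. DNs and times are made up.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
passwordExpirationTime: 20161025152300Z

dn: uid=bob,ou=People,dc=example,dc=com

dn: uid=carol,ou=People,dc=example,dc=com
passwordExpirationTime: 20170222152100Z
"""

def parse_entries(ldif_text):
    """Yield (dn, {attr_lowercase: value}) per blank-line-separated entry."""
    for block in ldif_text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip comments and anything that is not "name: value"
            name, value = line.split(": ", 1)
            attrs[name.lower()] = value.strip()
        if "dn" in attrs:
            yield attrs.pop("dn"), attrs

def parse_generalized_time(value):
    """Parse the UTC form YYYYMMDDHHMMSSZ into an aware datetime."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def audit(ldif_text, now):
    """Map each DN to 'not-enforced', 'expired' or 'valid' as of `now`."""
    report = {}
    for dn, attrs in parse_entries(ldif_text):
        raw = attrs.get("passwordexpirationtime")
        if raw is None:
            # No expiry recorded: per the reply above, the user has not
            # changed the password since the policy was enabled.
            report[dn] = "not-enforced"
        elif parse_generalized_time(raw) <= now:
            report[dn] = "expired"
        else:
            report[dn] = "valid"
    return report

if __name__ == "__main__":
    now = datetime(2016, 10, 26, tzinfo=timezone.utc)  # constructed "current" time
    for dn, status in audit(SAMPLE_LDIF, now).items():
        print(f"{status:13} {dn}")
```

Entries reported as "not-enforced" are the ones whose owners still need to change their own password before expiration applies to them.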



