On 03/01/2017 08:15 AM, tuan88@xxxxxxxxx wrote:
So if you change the password as directory manager it will let you do whatever you want. So make sure you always change passwords as a "database user" if you expect password policies to be enforced.
Not correct, below is a test from another LDAP instance with the same ldap version.
...
ldappasswd -s Ja#%==TNG8 -w SECRET! -x -ZZ -D cn='directory manager' cn='Tuan Test,cn=unixtek,ou=Infrastructure,dc=centos'
Without trying to diagnose the reason that "Directory Manager" is not
successfully changing the password in your tests, it remains true that
"Directory Manager" is *designed* to bypass constraints. Until you can
reproduce the problem of changing an LDAP password using a database
user, you aren't providing evidence of a bug. The system is working the
way it is supposed to.
If you can demonstrate the problem using a database user instead of
"Directory Manager", we can troubleshoot further.
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
