I have a password applied globally like
this:
dn:
cn=cn\3DnsPwPolicyEntry\2CDC\3Dmy\2CDC\3Ddomain,cn=nsPwPolicyContainer,dc=
my,dc=domain
passwordLockout: off
passwordGraceLimit: 50
passwordWarning: 86400
passwordInHistory: 3
passwordMinLength: 8
passwordMinCategories: 3
passwordStorageScheme: SSHA512
passwordChange: on
passwordMaxAge: 31536000
passwordCheckSyntax: on
passwordExp: on
objectClass: top
objectClass: ldapsubentry
objectClass: passwordpolicy
cn: cn=nsPwPolicyEntry,DC=my,DC=domain
In a sub OU, I have this policy:
#
cn\3DnsPwPolicyEntry\2Cou\3DPOPS\2COU\3DEXTERNOS\2Cou\3Dmy\2Cdc\3Dmy\2Cdc\3
Ddomain, nsPwPolicyContainer, POPS, EXTERNOS, my,
my.domain
dn:
cn=cn\3DnsPwPolicyEntry\2Cou\3DPOPS\2COU\3DEXTERNOS\2Cou\3Dmy\2Cdc\3Dmy\
2Cdc\3Ddomain,cn=nsPwPolicyContainer,ou=POPS,OU=EXTERNOS,ou=my,dc=my,dc=domain
passwordLockout: off
passwordGraceLimit: 50
passwordStorageScheme: SSHA
passwordChange: on
passwordMaxAge: 31536000
passwordCheckSyntax: off
passwordExp: off
objectClass: top
objectClass: ldapsubentry
objectClass: passwordpolicy
cn:
cn=nsPwPolicyEntry,ou=POPS,OU=EXTERNOS,dc=my,dc=domain
But when I try to add a prehashed password on this
sub OU, I see this kind of error:
LDAP: error code 19 - invalid password syntax -
passwords with storage scheme are not allowed
Is this an expected behavior even if in sub OU I have
an password policy with passwordCheckSyntax set to off?
If so, do I have any way to disable this behavior? (but
I can not disable my global password policy)
PS: The password policy is respecting the fact of
passwordCheckSyntax is set to off when I try to add a
simple password like '1234'.
