|
On 10/31/18 10:37 AM, Alberto Viana
wrote:
Hi Mark,
In access log the behavior is exactly how you
said (small description):
"invalid password syntax"
Yeah a bit vague :-(
I opened this RFE ticket:
https://pagure.io/389-ds-base/issue/50002 --> Feel free to
add any comments, requests, or suggestions
I'm not sure what version this will land in, but what version of
389-ds-base are you using?
Thanks,
Mark
I know that's related to password policy, but
it's really bad not known which item exactly. In some
cases the users could provide me the password and I can
analyse, but in some cases not, so I think that should
exist something in 389 to show to us(admin) that.
Thanks anyway for your help.
Hi Alberto,
Did you check the access log? There "should" be a small
text message that said what syntax was violated on the
RESULT line in the access log. Just grep for err=19 in
the access logs. Let me know if you find it. But that's
all there would be for troubleshooting this. Checking
the current passwd policy code we don't have any useful
logging in there - we only send small descriptions of the
error back to the client.
So this inspires me to add a new error log level for
tracking password policy behavior. I will open a new
ticket for that RFE shortly...
Thanks,
Mark
On
10/31/18 10:12 AM, Alberto Viana wrote:
Hi Guys,
There's any way to log or track constraint
violation reason?
Once We have 2 environments I need to track
when an user could change password on windows
side but this password could not be replicated
to 389 due to password policy .
I can see this on passsync log:
10/30/18 18:43:38: Searching for
(ntuserdomainid=my.user)
10/30/18 18:43:38: Ldap error in
ModifyPassword
19: Constraint violation
10/30/18 18:43:38: Modify password failed
for remote entry:
uid=my.user,ou=users,dc=my,dc=domain
But I need to know which item on password
policy has been violated
Thanks
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
|
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
