[389-users] Re: How do we set lastLoginHistorySize?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Grant, 

I think that you can disable the password history feature by using:
dsconf instance_name pwpolicy set --pwdhistory off

Similarly, to change the history size, you can try:
dsconf instance_name pwpolicy set  --pwdhistorycount 0

Regards,
  Pierre

On Wed, Jul 24, 2024 at 2:23 PM Grant Byers <Grant.Byers@xxxxxxxxxxxxx> wrote:
Hi,

We've recently migrated our multi-supplier, multi-consumer 389 infra
from 2.0.x to 2.2.9. The migration was relatively painless, but our logs
are currently flooded with messages like the following;

[24/Jul/2024:11:10:10.499567264 +0000] - ERR - acct_update_login_history
- Modify error 20 on entry 'uid=xxxxx,ou=people,dc=example,dc=net'
[24/Jul/2024:11:10:10.696468976 +0000] - ERR - attrlist_replace -
attr_replace (lastLoginHistory, 20240724111004Z) failed.

There's a bug report for this that matches ours[1], and the issue
appears to have been addressed. It doesn't appear to have been addressed
in 2.2.9 however, which is the latest version available in the copr
repo[2] that effectively replaced epel8-modular.

We have the AccountPolicy plugin enabled only to record lastLoginTime (a
requirement from our security team), so we can't just disable it. We
also use password policy, so we chain binds from consumers to suppliers.

I've seen mention that the lastLoginHistory attribute can be disabled by
setting lastLoginHistorySize to 0. I can't find any documentation on
this anywhere though. I've tried setting it in the AccountPolicyPlugin
config & also directly in cn=config, unsuccessfully.

What are our options?

Thanks,
Grant

[1] https://github.com/389ds/389-ds-base/issues/5834
[2] https://copr.fedorainfracloud.org/coprs/g/389ds/389-directory-server/


--
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue


--
--

389 Directory Server Development Team
-- 
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux