Bliss, Aaron wrote:
Here is what 00core.ldif looks like (I'm sorry, but this is very foreign to me; does this look okay)? Thanks again.
Looks good.
Aaron cat 00core.ldif | more | grep -i passwordMaxrepeats attributeTypes: ( 2.16.840.1.113730.3.1.2081 NAME ( 'passwordMaxRepeats' 'pwdMaxRepeats' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.13 NAME 'passwordPolicy' DESC 'Netscape defined password policy objectclass' SUP top MAY ( passwordMaxAge $ passwordExp $ passwordMinLength $ passwordKeepHistory $ passwordInHistory $ passwordChange $ passwordWarning $ passwordLockout $ passwordMaxFailure $ passwordResetDuration $ passwordUnlock $ passwordLockoutDuration $ passwordCheckSyntax $ passwordMustChange $ passwordStorageScheme $ passwordMinAge $ passwordResetFailureCount $ passwordGraceLimit $ passwordMinDigits $ passwordMinAlphas $ passwordMinUppers $ passwordMinLowers $ passwordMinSpecials $ passwordMin8bit $ passwordMaxRepeats $ passwordMinCategories $passwordMinTokenLength ) X-ORIGIN 'Netscape Directory Server' )-----Original Message----- From: fedora-directory-users-bounces@xxxxxxxxxx [mailto:fedora-directory-users-bounces@xxxxxxxxxx] On Behalf Of Richard Megginson Sent: Wednesday, March 15, 2006 9:42 AM To: General discussion list for the Fedora Directory server project. Subject: Re: Getting ready to upgrade from fds 1.0.1 to 1.0.2 Bliss, Aaron wrote:Is there any easy way that I can verify that the schemas have been updated properly? Thanks.Yes. See if your slapd-instance/config/schema/00core.ldif file has definitions for these attributes: passwordMinDigits $ passwordMinAlphas $ passwordMinUppers $ passwordMinLowers $ passwordMinSpecials $ passwordMin8bit $ passwordMaxRepeats $ passwordMinCategories $ passwordMinTokenLengthAaron -----Original Message----- From: Bliss, Aaron Sent: Tuesday, March 14, 2006 1:34 PM To: 'General discussion list for the Fedora Directory server project.' Subject: RE: Getting ready to upgrade from fds 1.0.1 to 1.0.2I believe this is what your looking for, here is an example when I intentionally attempt to break the password rules: [13/Mar/2006:22:19:42 -0500] conn=1073 op=10 RESULT err=19 tag=103 nentries=0 et ime=0 [13/Mar/2006:22:19:42 -0500] conn=1073 op=10 MOD dn="uid=awbtest,ou=users,dc=pre ferredcare,dc=org", invalid password syntaxHere is the error that occurred during the upgrade (I wouldn't worry too much about the entries below that reference fds1 instead of al-lnx-s11, I manually typed that after pasting the error log, as I wasn't comfortable displaying the real server name, but it doesn't really matter now, the real server name is al-lnx-s11)[13/Mar/2006:21:15:56 -0500] conn=0 op=3 RESULT err=0 tag=101 nentries=1 etime=0 [13/Mar/2006:21:15:56 -0500] conn=0 op=4 BIND dn="uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" method=128version=3[13/Mar/2006:21:15:56 -0500] conn=0 op=5 SRCH base="cn=al-lnx-s11.preferredcare. org, ou=preferredcare.org, o=NetscapeRoot" scope=2 filter="(&(objectClass=nsAppl ication)(nsNickName=slapd)(nsInstalledLocation=/opt/fedora-ds))" attrs="* aci pa sswordExpirationTime passwordExpWarned passwordRetryCount retryCountResetTime ac countUnlockTime passwordHistory passwordAllowChangeTime nsUniqueId nsLookThrough Limit nsSizeLimit nsTimeLimit nsIdleTimeout nsRole nsRoleDN nsAccountLock"[13/Mar/2006:21:15:56 -0500] conn=0 op=4 RESULT err=0 tag=97 nentries=0etime=0 dn="uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot" [13/Mar/2006:21:15:56 -0500] conn=0 op=5 RESULT err=0 tag=101 nentries=1 etime=0[13/Mar/2006:21:15:56 -0500] conn=0 op=6 SRCH base="cn=Fedora DirectoryServer, cn=Server Group, cn=al-lnx-s11.preferredcare.org, ou=preferredcare.org, o=Netsca peRoot" scope=0 filter="(objectClass=*)" attrs="* aci passwordExpirationTime pas swordExpWarned passwordRetryCount retryCountResetTime accountUnlockTime password History passwordAllowChangeTime nsUniqueId nsLookThroughLimit nsSizeLimit nsTime Limit nsIdleTimeout nsRole nsRoleDN nsAccountLock" [13/Mar/2006:21:15:56 -0500] conn=0 op=6 RESULT err=0 tag=101 nentries=1 etime=0 [13/Mar/2006:21:15:56 -0500] conn=0 op=7 MOD dn="cn=Fedora Directory Server, cn= Server Group, cn=al-lnx-s11.preferredcare.org, ou=preferredcare.org, o=NetscapeR oot" [13/Mar/2006:21:15:56 -0500] conn=0 op=7 RESULT err=0 tag=103 nentries=0 etime=0[13/Mar/2006:21:15:56 -0500] conn=0 op=8 SRCH base="cn=Fedora DirectoryServer, cn=Server Group, cn=al-lnx-s11.preferredcare.org, ou=preferredcare.org, o=Netsca peRoot" scope=1 filter="(objectClass=nsDirectoryServer)" attrs="* aci passwordEx pirationTime passwordExpWarned passwordRetryCount retryCountResetTime accountUnl ockTime passwordHistory passwordAllowChangeTime nsUniqueId nsLookThroughLimit ns SizeLimit nsTimeLimit nsIdleTimeout nsRole nsRoleDN nsAccountLock" [13/Mar/2006:21:15:56 -0500] conn=0 op=8 RESULT err=0 tag=101 nentries=1 etime=0 [13/Mar/2006:21:15:56 -0500] conn=0 op=9 SRCH base="cn=slapd-al-lnx-s11, cn=Fedo ra Directory Server, cn=Server Group, cn=al-lnx-s11.preferredcare.org, ou=prefer redcare.org,o=NetscapeRoot"scope=0 filter="(objectClass=*)" attrs="* aci passw ordExpirationTime passwordExpWarned passwordRetryCount retryCountResetTime accou ntUnlockTime passwordHistory passwordAllowChangeTime nsUniqueId nsLookThroughLim it nsSizeLimit nsTimeLimit nsIdleTimeout nsRole nsRoleDN nsAccountLock" [13/Mar/2006:21:15:56 -0500] conn=0 op=9 RESULT err=0 tag=101 nentries=1 etime=0 [13/Mar/2006:21:15:56 -0500] conn=0 op=10 SRCH base="cn=slapd-al-lnx-s11,cn=Fedo ra Directory Server,cn=Server Group,cn=al-lnx-s11.preferredcare.org,ou=preferred care.org,o=NetscapeRoot" scope=0 filter="(objectClass=*)" attrs="* aci passwordE xpirationTime passwordExpWarned passwordRetryCount retryCountResetTime accountUn lockTime passwordHistory passwordAllowChangeTime nsUniqueId nsLookThroughLimit n sSizeLimit nsTimeLimit nsIdleTimeout nsRole nsRoleDN nsAccountLock"[13/Mar/2006:21:15:56 -0500] conn=0 op=10 RESULT err=0 tag=101 nentries=1 etime= 0[13/Mar/2006:21:15:56 -0500] conn=0 op=11 RESULT err=19 tag=103 nentries=0 etime =0 [13/Mar/2006:21:15:56 -0500] conn=0 op=11 MOD dn="cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcare.org,o=NetscapeRoot", invalid password syntax -----Original Message----- From: fedora-directory-users-bounces@xxxxxxxxxx [mailto:fedora-directory-users-bounces@xxxxxxxxxx] On Behalf Of RichardMegginson Sent: Tuesday, March 14, 2006 10:06 AM To: General discussion list for the Fedora Directory server project. Subject: Re: Getting ready to upgrade from fds 1.0.1 to 1.0.2 Bliss, Aaron wrote:I've been able to reproduce; after setting the new password policy (require 1 digit, 1 special, etc) and then I attempt to use a passwordthat isn't compliant, this error is logged and the users new password is not accepted. [13/Mar/2006:22:19:42 -0500] conn=1073 op=10 RESULT err=19 tag=103 nentries=0 etime=0Can you find out what this operation is? It's either an ADD or MOD - just search before that line for "conn=1073 op=10". I'd like to know what the DN is.So, it looks like everything is working like it is suppose to....it's still interesting that I received that error during the upgrade....Aaron -----Original Message----- From: fedora-directory-users-bounces@xxxxxxxxxx [mailto:fedora-directory-users-bounces@xxxxxxxxxx] On Behalf Of Bliss,Aaron Sent: Monday, March 13, 2006 10:04 PM To: General discussion list for the Fedora Directory server project.Subject: RE: Getting ready to upgrade from fds1.0.1 to 1.0.2It only seems to be in the access log 1 time; looks like it only happened during the upgrade [13/Mar/2006:21:15:56 -0500] conn=0 op=11 RESULT err=19 tag=103 nentries=0 etime=0 Is there an easy way to verify that the new passwordschema is being used? Thanks. Aaron -----Original Message----- From: fedora-directory-users-bounces@xxxxxxxxxx[mailto:fedora-directory-users-bounces@xxxxxxxxxx] On Behalf Of RichardMegginson Sent: Monday, March 13, 2006 9:54 PM To: General discussion list for the Fedora Directory server project. Cc: Bliss, AaronSubject: Re: Getting ready to upgrade from fds1.0.1 to 1.0.2 Bliss, Aaron wrote:Well, I upgraded the fds rpm; after a reboot all looks okay, however Inoticed this information in the setup logfile; is this indicativethatsomething failed to update properly? Perhaps the new schema files?How can I verify that the new schema files are in use? Thanks very much.Start Slapd Starting Slapd server reconfiguration.Fatal Slapd ERROR: Could not update Directory Server Instance URL ldap://fds1.preferredcare.org:389/o=NetscapeRoot user id admin DN cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server Group,cn=fds1.preferredcare.org,ou=preferredcare.org,o=NetscapeRoot(19:Constraint violation) Configuring Administration Server...InstallInfo: Apache Directory "ApacheDir" is missing. The proper fds version is disaplyed in the display console, and the newCheck your directory server access log - look for err=19 - constraint violation - to see which operation it's complaining about.password enforcement options seem to be available.Aaron -----Original Message----- From: Bliss, Aaron Sent: Monday, March 13, 2006 2:08 PM To: 'General discussion list for the Fedora Directory serverproject.'Subject: RE: Getting ready to upgrade from fds1.0.1 to 1.0.2 Ah, thanks again. Aaron -----Original Message----- From: fedora-directory-users-bounces@xxxxxxxxxx[mailto:fedora-directory-users-bounces@xxxxxxxxxx] On Behalf Of RichardMegginson Sent: Monday, March 13, 2006 2:08 PM To: General discussion list for the Fedora Directory server project.Subject: Re: Getting ready to upgrade from fds1.0.1 to 1.0.2 Bliss, Aaron wrote:Thanks; just so I understand, I have to run the setup script even though my databases have already been configured? I did not have todoSetup will copy in the new schema files required to use the new password syntax checking, so if you skip that, you'll have to copy themthis on my test box in order to upgrade. Thanks.in manually. Setup will also make sure the console reports the correctversion of directory server.Aaron -----Original Message----- From: fedora-directory-users-bounces@xxxxxxxxxx[mailto:fedora-directory-users-bounces@xxxxxxxxxx] On Behalf Of RichardMegginson Sent: Monday, March 13, 2006 1:59 PM To: General discussion list for the Fedora Directory server project.Subject: Re: Getting ready to upgrade from fds1.0.1 to 1.0.2 Bliss, Aaron wrote:I'm planning on upgrading both my supplier and consumer fds serverstonight; do I need to worry about their server certificates? I'll justbe running rpm -Uvh fedora....Thanks very much.Upgrade shouldn't touch any ssl information.After doing the rpm -U, do cd /opt/fedora-ds ; ./setup/setup and followthe prompts.Aaron www.preferredcare.org "An Outstanding Member Experience," Preferred Care HMO Plans -- J.D.the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of thisPower and Associates Confidentiality Notice:The information contained in this electronic message is intended formessage is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication inerror, please notify the sender immediately by telephone and destroythe copies you received.--Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxxhttps://www.redhat.com/mailman/listinfo/fedora-directory-userswww.preferredcare.org "An Outstanding Member Experience," Preferred Care HMO Plans -- J.D.the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of thisPower and Associates Confidentiality Notice: The information contained in this electronic message is intended formessage is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication inerror, please notify the sender immediately by telephone and destroy the copies you received.-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-userswww.preferredcare.org "An Outstanding Member Experience," Preferred Care HMO Plans -- J. D.the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of thisPower and Associates Confidentiality Notice: The information contained in this electronic message is intended formessage is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication inerror, please notify the sender immediately by telephone and destroy the copies you received.-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-userswww.preferredcare.org "An Outstanding Member Experience," Preferred Care HMO Plans -- J. D. Power and Associates Confidentiality Notice:The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of thismessage is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication inerror, please notify the sender immediately by telephone and destroy the copies you received.-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-userswww.preferredcare.org"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D. Power and AssociatesConfidentiality Notice: The information contained in this electronic message is intended forthe exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-userswww.preferredcare.org "An Outstanding Member Experience," Preferred Care HMO Plans -- J. D. Power and Associates Confidentiality Notice: The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received. -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users