Philip Kime wrote:
Check the access log for the server, and you may also need to turn on the trace level error logging.

Many thanks for the reply, helpful as always!

I'm not sure what PAM is doing here. You can always verify that you are being properly restricted on password syntax by using ldapmodify or ldappasswd from the command line.

It seems not - ldappasswd doesn't enforce the policy whether I bind with the user in question or Directory Manager. I've tried with subtree policies and also user-only policies. If I try to change the password in the GUI, the password policy works ok.
No. The policy is supposed to be enforced on the server side. The client should not be attempting to use the policy settings on the server.

This entry has objectclass ldapSubEntry, which means it is hidden from normal searches.

Hmm, I wonder if PAM and ldappasswd are not finding the policies as a result of this? There is nothing interesting in the access log - I can see the extop password operation line but it doesn't say anything about the filter used to look for password policy objects? Is there perhaps a way to include ldapSubEntry objects in normal searches?
PK

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users