Re: Password policy don't work on a subtree


 



Visolve LDAP Group wrote:

Hi,

Hugo Étiévant,

I believe you configured the sub tree password policy through the ns-newpwpolicy.pl script.

When you configure the global password policy, it may override the sub tree password policy. So make sure that 'nsslapd-pwpolicy-local' is 'on' in the cn=config entry of the dse.ldif file to make the sub tree policy work.

This attribute decides whether the local password policy is enabled or not. Anyway, running the ns-newpwpolicy.pl script will turn this attribute value to 'on'.

However, you cannot see any trace of the sub tree password policy attributes by searching the cn=config tree or in the dse.ldif file. It will show only the global password policy attributes.

You can see the list of applied sub tree password policy attributes by performing a search like this.

/opt/dirsrv/bin/ldapsearch -v -h <host> -p <port> \
    -D "<managerDN>" -w <passwd> -b <suffix> objectclass=ldapsubentry

dn:cn="cn=nsPwPolicyEntry,ou=marketing,o=abc.com",cn=nsPwPolicyContainer,ou=marketing,o=abc.com
objectClass: top
objectClass: ldapsubentry
objectClass: passwordpolicy
cn: cn=nsPwPolicyEntry,ou=marketing,o=abc.com
passwordExp: off
passwordMaxAge: 10
passwordWarning: 15
passwordGraceLimit: 1
pwdpolicysubentry: cn="cn=nsPwPolicyEntry,ou=marketing,o=abc.com",cn=nsPwPolic
 yContainer,ou=marketing,o=abc.com

If you set a local password policy like this, _it will not use the global settings at all_ - it will not fall back on the global settings in cn=config - you must specify all of the parameters you care about in your local password policy. If you do not, it will fall back on either nothing or the hardcoded default in the server itself.

Regards,

ViSolve LDAP Team.

-----Original Message-----
From: fedora-directory-users-bounces@xxxxxxxxxx [mailto:fedora-directory-users-bounces@xxxxxxxxxx] On Behalf Of Hugo Etievant
Sent: Wednesday, February 25, 2009 9:41 PM
To: General discussion list for the Fedora Directory server project.
Subject:  Password policy don't work on a subtree

Hello,

Version: Directory Server 1.1.3 on Fedora 8, 64-bit platform

When I configure a password policy on a subtree of my directory, this policy does not work.

When I configure a global password policy, this global policy works but ignores the local policies of subtrees.

When I look at the database LDIF backup, I do not find the "passwordMinLength" attribute for the local password policy for subtrees, but this attribute exists in the dse ldif for the global policy!

How do I resolve this?

regards

--

* Hugo Étiévant *

--

Fedora-directory-users mailing list

Fedora-directory-users@xxxxxxxxxx

https://www.redhat.com/mailman/listinfo/fedora-directory-users
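
An added example, not part of the original thread: since a local policy does not fall back on the global settings, this Python sketch reads the LDIF returned by the objectclass=ldapsubentry search above and lists the settings each subtree policy entry leaves unset. SAMPLE_LDIF is constructed from the entry shown in the reply, and the REQUIRED list is an assumption to be replaced with the parameters you care about.

```python
# Added example: report attributes a subtree password policy entry does not set.
# SAMPLE_LDIF is constructed from the entry quoted in the thread.
SAMPLE_LDIF = '''\
dn:cn="cn=nsPwPolicyEntry,ou=marketing,o=abc.com",cn=nsPwPolicyContainer,ou=marketing,o=abc.com
objectClass: top
objectClass: ldapsubentry
objectClass: passwordpolicy
cn: cn=nsPwPolicyEntry,ou=marketing,o=abc.com
passwordExp: off
passwordMaxAge: 10
passwordWarning: 15
passwordGraceLimit: 1
pwdpolicysubentry: cn="cn=nsPwPolicyEntry,ou=marketing,o=abc.com",cn=nsPwPolic
 yContainer,ou=marketing,o=abc.com
'''

# Assumption: the settings this site wants every local policy to state itself.
REQUIRED = ["passwordExp", "passwordMaxAge", "passwordWarning",
            "passwordGraceLimit", "passwordMinLength", "passwordCheckSyntax"]

def parse_ldif(text):
    """Return entries as {lowercased attribute: [values]} (plain values only)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]            # unfold an LDIF continuation line
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def audit(text, required=REQUIRED):
    """Map each passwordpolicy subentry DN to the required attributes it lacks."""
    report = {}
    for entry in parse_ldif(text):
        classes = {v.lower() for v in entry.get("objectclass", [])}
        if "passwordpolicy" in classes:
            report[entry["dn"][0]] = [a for a in required if a.lower() not in entry]
    return report

if __name__ == "__main__":
    for dn, missing in audit(SAMPLE_LDIF).items():
        print(dn, "-> not set locally:", ", ".join(missing) or "none")
```
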
