FDS Password policy and passsync

Hugo Etievant <hugo.etievant@xxxxxxx> · Thu, 12 Mar 2009 11:41:42 +0100

hello,

Step 1 :

A have create a replication agreement betwen a FDS (DS 1.1.3 on Fedora
8) server and a Windows 2003 Server (Active Directory).

User's passwords are successfully synchronized.

Step 2 :

I activated password policy in FDS and in AD.

Password policies are identical.

But some passwords are not synchronized betwen AD and FDS (in this way
only).

error message in log :

03/12/09 09:49:01: Ldap error in ModifyPassword

    19: Constraint violation

03/12/09 09:49:01: Modify password failed for remote entry:
uid=foobar,ou=people,dc=inrp,dc=fr

03/12/09 09:49:01: Deferring password change for foobar

details of password policy in FDS :

nsslapd-security: on

nsslapd-auditlog-logging-enabled: on

nsslapd-errorlog-level: 8192

nsslapd-pwpolicy-local: on

passwordMinLength: 8

passwordMinCategories: 3

passwordMinTokenLength: 2

passwordCheckSyntax: on

passwordMinAlphas: 0

passwordMinDigits: 0

passwordMaxAge: 63072000 (secondes = 730 days)

passwordExp: on

passwordHistory: on

passwordWarning: 0

passwordInHistory: 10

details of password policy in AD (i use "Windows Server 2003 Password
Complexity Requirements") :

  Passwords cannot contain the user’s account name or parts of the
user’s full name that exceed two consecutive characters.
  Passwords must be at least 6 characters in length.
  Passwords must contain characters from three of the following
four categories:

    English uppercase characters (A through Z).

    English lowercase characters (a through z).

    Base 10 digits (0 through 9).

    Non-alphabetic characters (for example, !, $, #, %).

password history = 10

max age : 730 days

password min len : 8

Why some of my users ahve problems (FDS no not accept new Windows
password) ?

regards

-- 

 Hugo Étiévant 

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users