Re: FDS Password policy and passsync


 



hi,

I found the explanation of my problem: Unicode chars are accepted by Windows Server but refused by FDS.
Only 7 bit chars are accepted for userpassword in FDS.

I disabled the "enforce clean 7 bits attribute value" for userPassword attribute in the "7 bits plugin" of my DS with the IDM Console.
Now Unicode passwords are accepted by FDS and passsync does not fail.

The ldapsearch command line accepts Unicode passwords, but some applications (Thunderbird) do not accept Unicode passwords!!!!


Do you have a solution for me?
Can I enforce 7-bit clean in Windows Server 2003????


regards



Hugo Etievant wrote:
hello,

Step 1 :
I have created a replication agreement between an FDS (DS 1.1.3 on Fedora 8) server and a Windows 2003 Server (Active Directory).
User's passwords are successfully synchronized.

Step 2 :
I activated password policy in FDS and in AD.
Password policies are identical.

But some passwords are not synchronized between AD and FDS (in this direction only).
Error message in the log:

03/12/09 09:49:01: Ldap error in ModifyPassword
    19: Constraint violation
03/12/09 09:49:01: Modify password failed for remote entry: uid=foobar,ou=people,dc=inrp,dc=fr
03/12/09 09:49:01: Deferring password change for foobar


details of password policy in FDS :

nsslapd-security: on
nsslapd-auditlog-logging-enabled: on
nsslapd-errorlog-level: 8192
nsslapd-pwpolicy-local: on
passwordMinLength: 8
passwordMinCategories: 3
passwordMinTokenLength: 2
passwordCheckSyntax: on
passwordMinAlphas: 0
passwordMinDigits: 0
passwordMaxAge: 63072000 (seconds = 730 days)
passwordExp: on
passwordHistory: on
passwordWarning: 0
passwordInHistory: 10

details of password policy in AD (I use "Windows Server 2003 Password Complexity Requirements"):
  • Passwords cannot contain the user’s account name or parts of the user’s full name that exceed two consecutive characters.
  • Passwords must be at least 6 characters in length.
  • Passwords must contain characters from three of the following four categories:
  1. English uppercase characters (A through Z).
  2. English lowercase characters (a through z).
  3. Base 10 digits (0 through 9).
  4. Non-alphabetic characters (for example, !, $, #, %).
password history = 10
max age : 730 days
password min len : 8





Why do some of my users have problems (FDS does not accept the new Windows password)?

regards

--
Hugo Étiévant


--
Hugo Étiévant
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
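
An added example, not part of the original message and not PassSync or FDS code: a Python triage script that extracts failed ModifyPassword records from a PassSync log in the format quoted above, keeps those refused with LDAP result 19, and reports which characters of a candidate password are not 7-bit clean. The function names, the second log record and the test password are constructed for illustration.

```python
import re

# Constructed sample input. The first record is the log excerpt quoted in the
# message above; the second record (code 53, uid=alice) is made up so the
# filter has something to exclude.
SAMPLE_LOG = """\
03/12/09 09:49:01: Ldap error in ModifyPassword
    19: Constraint violation
03/12/09 09:49:01: Modify password failed for remote entry: uid=foobar,ou=people,dc=inrp,dc=fr
03/12/09 09:49:01: Deferring password change for foobar
03/12/09 09:52:10: Ldap error in ModifyPassword
    53: Unwilling to perform
03/12/09 09:52:10: Modify password failed for remote entry: uid=alice,ou=people,dc=inrp,dc=fr
03/12/09 09:52:10: Deferring password change for alice
"""

ERROR_START = "Ldap error in ModifyPassword"
CODE_RE = re.compile(r"^\s+(\d+):\s*\S")          # indented "19: Constraint violation"
FAILED_RE = re.compile(
    r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d): "
    r"Modify password failed for remote entry: (.+)$"
)

def failed_password_syncs(log_text):
    """Return (timestamp, ldap_result_code, dn) for each failed password sync."""
    failures, in_error, code = [], False, None
    for line in log_text.splitlines():
        if ERROR_START in line:
            in_error, code = True, None
            continue
        m = CODE_RE.match(line)
        if in_error and m:
            code = int(m.group(1))
            continue
        m = FAILED_RE.match(line)
        if m:
            failures.append((m.group(1), code, m.group(2)))
            in_error, code = False, None
    return failures

def constraint_violations(log_text):
    """DNs whose password change was refused with LDAP result 19."""
    return [dn for _, code, dn in failed_password_syncs(log_text) if code == 19]

def non_7bit_chars(password):
    """Characters whose UTF-8 encoding contains a byte with the high bit set."""
    return [c for c in password if any(b & 0x80 for b in c.encode("utf-8"))]

if __name__ == "__main__":
    for dn in constraint_violations(SAMPLE_LOG):
        print("constraint violation (19):", dn)
    print(non_7bit_chars("P\u00e4ssw0rd!"))
```

Result 19 is also returned for other constraint failures, so a hit narrows the list of affected accounts rather than proving the 7-bit check was the cause.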
