Re: [389-users] Local Password Policy Replicated?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Gerrard Geldenhuis wrote:
> Hi 
> The documentation is not very clear on this...
> 13.1.5 in the latest Admin Guide mentions how password policy is treated in a replicated environment but it does not distinguish or confirm that the behaviour for global and local password policies is treated in the same way with regards to replication.
>
> Does local password policy settings get replicated?
> I would assume yes because it is writes:
>
> dn: cn=cn=nsPwPolicyEntry\,uid=jdoe\,ou=people\,dc=example\,dc=com,
>      cn=nsPwPolicyContainer,ou=people,dc=example,dc=com
> objectclass: top
> objectclass: extensibleObject
> objectclass: ldapsubentry
> objectclass: passwordpolicy
>
> according to the documentation.
>
> ( after typing this email I am doubting my assumption )
>
> Can I thus change password policy for a subtree only once or should I be changing it on all servers regardless?
>   
Yes, but you also have to separately activate global password policy on 
each server: 
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/User_Account_Management.html#User_Account_Management-Managing_the_Password_Policy
You must "Enable Fine Grained Password Policy" on every server.
> The reason that prompted me for this question is that I am using a "autheticator" user to bind to ldap rather than bind anonymous. This user is in my company tree and also falls under the global password policy which it should not. If someone with malicious intent wanted to break the system they could just use that user with the wrong password 5 times to lock the account. That is an obvious flaw which is why I need to change password policy for this users and/or group of users.
>
> Best Regards
>
> ________________________________________________________________________
> In order to protect our email recipients, Betfair Group use SkyScan from 
> MessageLabs to scan all Incoming and Outgoing mail for viruses.
>
> ________________________________________________________________________
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>   

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users


[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux