Re: [389-users] Local Password Policy Replicated?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>>
>> Does local password policy settings get replicated?
>> I would assume yes because it is writes:
>>
>> dn: cn=cn=nsPwPolicyEntry\,uid=jdoe\,ou=people\,dc=example\,dc=com,
>>      cn=nsPwPolicyContainer,ou=people,dc=example,dc=com
>> objectclass: top
>> objectclass: extensibleObject
>> objectclass: ldapsubentry
>> objectclass: passwordpolicy
>>
>> according to the documentation.
>>
>> ( after typing this email I am doubting my assumption )
>>
>> Can I thus change password policy for a subtree only once or should I be changing it on all servers regardless?
>>
>Yes, but you also have to separately activate global password policy on
>each server:
>http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/User_Account_Management.html#User_Account_Management->Managing_the_Password_Policy
>You must "Enable Fine Grained Password Policy" on every server.

Ok, excellent so it does get replicated if it is local but not if it is global.

I was aware that I have to set it manually on a global level which is why I asked the question. It is a bit confusing that local password policies will get replicated but not global passwor policies. I will raise an enhancement request in bugzilla to make sure that this distinction is added to the documentation.

On a related note,.. the documentation mentions that there is a bug:
13.1.1.5. Manually Setting Default Password Syntax Checking for Local Password Policies
<cut>
However, there is a bug in Directory Server, so that if a password policy attribute is set in the global password policy but not in the local password policy, then neither the global setting nor the default settings is enforced by the local password policy. To work around this, set the password attributes explicitly in the local password policy.

I am sure I saw a fixed bugzilla for it but going through the release notes https://bugzilla.redhat.com/showdependencytree.cgi?id=543590&hide_resolved=0
I can't see any mention of this bug being fixed

Can you confirm that this is still a bug or has been resolved. If it has been resolved I will raise another bugzilla to remove this from the documentation.

Best Regards

________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from 
MessageLabs to scan all Incoming and Outgoing mail for viruses.

________________________________________________________________________
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users


[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux