I'm just checking in on this. Is no one using subtree based password policies in 389 directory?
-morgan
> On May 31, 2016, at 15:14, Morgan Jones <morgan@morganjones.org> wrote:
>
> William,
>
> nsslapd-pwpolicy-local was indeed not set however setting it doesn't make a difference. See below for details.
>
> Thanks for the help with this.
>
> thanks,
>
> -morgan
>
>
>
>
>
>
>
>
>
> larry:~ morgan$ ldapsearch -LLL -x -w pass -H ldap://devldapm03.domain.net -D cn=directory\ manager -b cn=config -s base objectclass=\* nsslapd-pwpolicy-local
> dn: cn=config
> nsslapd-pwpolicy-local: off
>
> larry:~ morgan$ ldapmodify -x -w pass -H ldap://devldapm03.domain.net -D cn=directory\ manager
> dn: uid=morgan,ou=employees,dc=domain,dc=org
> changetype: modify
> replace: userpassword
> userpassword: 123
>
> modifying entry "uid=morgan,ou=employees,dc=domain,dc=org"
>
> larry:~ morgan$ ldapsearch -LLL -x -w pass -H ldap://devldapm03.domain.net -D cn=directory\ manager -b cn=config -s base objectclass=\* nsslapd-pwpolicy-local
> dn: cn=config
> nsslapd-pwpolicy-local: off
>
> larry:~ morgan$ ldapmodify -x -w pass -H ldap://devldapm03.domain.net -D cn=directory\ manager
> dn: cn=config
> changetype: modify
> replace: nsslapd-pwpolicy-local
> nsslapd-pwpolicy-local: on
>
> modifying entry "cn=config"
>
> dn: uid=morgan,ou=employees,dc=domain,dc=org
> changetype: modify
> replace: userpassword
> userpassword: 1234
>
> modifying entry "uid=morgan,ou=employees,dc=domain,dc=org"
>
> larry:~ morgan$ ldapsearch -LLL -x -w pass -H ldap://devldapm03.domain.net -D cn=directory\ manager -b cn=config -s base objectclass=\* nsslapd-pwpolicy-local
> dn: cn=config
> nsslapd-pwpolicy-local: on
>
> larry:~ morgan$
>
>
>
>
>> On May 29, 2016, at 23:04, William Brown <wibrown@redhat.com> wrote:
>>
>> On Mon, 2016-05-23 at 11:52 -0400, Morgan Jones wrote:
>>> Hello William,
>>>
>>> Is this what you're looking for? I've included the full entry below but it appears pwdPolicySubentry is operational.
>>>
>>
>>
>> Hi,
>>
>> Sorry to have taken so long.
>>
>> Can you check:
>>
>> cn=config
>> nsslapd-pwpolicy-local: on
>>
>> Without that setting, the fine grained password policy won't work,
>>
>> Thanks,
>> --
>> Sincerely,
>>
>> William Brown
>> Software Engineer
>> Red Hat, Brisbane
>>
>> --
>> 389-users mailing list
>> 389-users@lists.fedoraproject.org
>> https://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
> --
> 389-users mailing list
> 389-users@lists.fedoraproject.org
> https://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
--
389-users mailing list
389-users@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
No comments:
Post a Comment