Tuesday, June 10, 2014

[389-users] password policy - user vs subtree

I need some help understanding the difference between password policy for
user versus subtree and where it needs to be set.

Using the 389 console gui, I see that I can set the password policy under
the configuration tab in the data section. I am thinking this creates a
global policy? - but this did not lock out my test account after I told it
to lock out after 5 failed password attempts.

So I went to the directory tab, and on the subtree where my test account
is located, used the subtree option to set the same password and lockout
policy that I set under configuration tab. -- same result, my test
account did not lock out.

So then in the same directory tab subtree, I tried the user option, and
same old same old - no lock out.

Can anyone point me to where I am going wrong? If I go to my actual user
account, I can lock myself out that way but that will get pretty old for
2000 users.


389 users mailing list

No comments:

Post a Comment