Hi Alberto,
Only Directory Manager or a Password Admin can add pre-hashed passwords. It has nothing to do with password policy settings. For more on password admins see:
HTH,
Mark
On 09/26/2018 02:31 PM, Alberto Viana wrote:
I have a password applied globally like this:
dn: cn=cn\3DnsPwPolicyEntry\2CDC\3Dmy\2CDC\3Ddomain,cn=nsPwPolicyContainer,dc=my,dc=domain
passwordLockout: off
passwordGraceLimit: 50
passwordWarning: 86400
passwordInHistory: 3
passwordMinLength: 8
passwordMinCategories: 3
passwordStorageScheme: SSHA512
passwordChange: on
passwordMaxAge: 31536000
passwordCheckSyntax: on
passwordExp: on
objectClass: top
objectClass: ldapsubentry
objectClass: passwordpolicy
cn: cn=nsPwPolicyEntry,DC=my,DC=domain
In a sub OU, I have this policy:
# cn\3DnsPwPolicyEntry\2Cou\3DPOPS\2COU\3DEXTERNOS\2Cou\3Dmy\2Cdc\3Dmy\2Cdc\3Ddomain, nsPwPolicyContainer, POPS, EXTERNOS, my, my.domain
dn: cn=cn\3DnsPwPolicyEntry\2Cou\3DPOPS\2COU\3DEXTERNOS\2Cou\3Dmy\2Cdc\3Dmy\2Cdc\3Ddomain,cn=nsPwPolicyContainer,ou=POPS,OU=EXTERNOS,ou=my,dc=my,dc=domain
passwordLockout: off
passwordGraceLimit: 50
passwordStorageScheme: SSHA
passwordChange: on
passwordMaxAge: 31536000
passwordCheckSyntax: off
passwordExp: off
objectClass: top
objectClass: ldapsubentry
objectClass: passwordpolicy
cn: cn=nsPwPolicyEntry,ou=POPS,OU=EXTERNOS,dc=my,dc=domain
But when I try to add a prehashed password on this sub OU, I see this kind of error:
LDAP: error code 19 - invalid password syntax - passwords with storage scheme are not allowed
Is this an expected behavior even if in the sub OU I have a password policy with passwordCheckSyntax set to off? If so, do I have any way to disable this behavior? (but I cannot disable my global password policy)
PS: The password policy is respecting the fact that passwordCheckSyntax is set to off when I try to add a simple password like '1234'.
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
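Added example, not part of the original thread and not 389 Directory Server code: a pre-flight check that lists which entries in an LDIF file carry a userPassword value with a storage-scheme prefix, that is, the entries that per the reply above must be added as Directory Manager or a Password Admin. The scheme list, the function names and the sample entries are assumptions constructed for illustration.

```python
import base64
import re

# Assumption: illustrative scheme list; the real set depends on the server's plugins.
KNOWN_SCHEMES = {"SSHA", "SSHA256", "SSHA384", "SSHA512", "SHA", "SHA256",
                 "SHA384", "SHA512", "SMD5", "MD5", "CRYPT", "PBKDF2_SHA256"}
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}.")

def storage_scheme(value):
    """Return the scheme name if value carries a {SCHEME} prefix, else None."""
    m = SCHEME_RE.match(value)
    return m.group(1).upper() if m and m.group(1).upper() in KNOWN_SCHEMES else None

def prehashed_entries(ldif_text):
    """Return [(dn, scheme)] for entries whose userPassword is pre-hashed."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # LDIF folds long lines with "\n "
    hits, dn = [], None
    for line in unfolded.splitlines():
        if line.startswith("#"):
            continue
        attr, _, rest = line.partition(":")
        name = attr.strip().lower()
        if name not in ("dn", "userpassword"):
            continue
        if rest.startswith(":"):  # "attr:: value" means the value is base64
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if name == "dn":
            dn = value
        elif storage_scheme(value):
            hits.append((dn, storage_scheme(value)))
    return hits

# Constructed sample: the values are placeholders, not real hashes.
_B64 = base64.b64encode(b"{SSHA512}constructed-not-a-real-hash").decode()
SAMPLE_LDIF = (
    "dn: uid=a,ou=POPS,OU=EXTERNOS,dc=my,dc=domain\n"
    "userPassword: 1234\n\n"
    "dn: uid=b,ou=POPS,OU=EXTERNOS,dc=my,dc=domain\n"
    "userPassword: {SSHA}constructed-not-a-real-hash\n\n"
    "dn: uid=c,ou=POPS,OU=EXTERNOS,\n dc=my,dc=domain\n"  # folded line
    "userPassword:: " + _B64 + "\n"
)

if __name__ == "__main__":
    for dn, scheme in prehashed_entries(SAMPLE_LDIF):
        print(f"{scheme:8} {dn}  (bind as Directory Manager or a Password Admin)")
```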