Monday, September 20, 2021

[389-users] Re: ns-newpolicy/pl documentation/use case

Thank you, so the steps to have this  attribute cfg  and  with set value for each user  are :

 

-          In DS cfg add attriute PasswordTrackUpddateTime to on, nsslapd-policy-local to on and nsslapd-pwpolicy-inherit –global to on

-          Have users chage their passwd

-          The uid entries wtill display the new attribute :PasswordTrackUpdateTime with time stamp value

Is this sufficient  to have this attribute populate for each DS entry ?

 

Do I  still need to run this ns-newpolicy.pl script ?

If affirmative, I would like to learn when and what arguments must provide at run time ?

 

Isabella

-           

 

From: Mark Reynolds [mailto:mreynolds@redhat.com]
Sent: September 20, 2021 6:01 AM
To: General discussion list for the 389 Directory server project. <389-users@lists.fedoraproject.org>; Ghiurea, Isabella <Isabella.Ghiurea@nrc-cnrc.gc.ca>
Subject: Re: [389-users] ns-newpolicy/pl documentation/use case

 

***ATTENTION*** This email originated from outside of the NRC. ***ATTENTION*** Ce courriel provient de l'extérieur du CNRC

 

On 9/17/21 4:46 PM, Ghiurea, Isabella wrote:

Hi List

I am searching for  some  documentation  for ns-newpolicy.pl file , as per RH Doc I can  use that script to add the attribute : pwdUpdateTime to each uid  entry after I  already cfg in  DS  Password TrackUpdateTime and  pwdpolicy-  inherit -global  to ‘on’;

The only docs we have are the official Red Hat docs.  Here's a recap...

https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/configuration_command_and_file_reference/core_server_configuration_reference#cnconfig-passwordTrackUpdateTime

This will start to add "pwdUpdateTime" to entries after they change their passwords, but it does not automatically add it to all existing entries.  They must change their passwords after enabling this setting for pwdUpdateTime to be set.

https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/configuration_command_and_file_reference/core_server_configuration_reference#cnconfig-nsslapd_pwpolicy_inherit_global_Inherit_Global_Password_Policy

This setting is only used if you are using local password policies (subtree/user policies). It means it will check the global policy settings AND the local policy settings.  Otherwise only the local policy is applied.

HTH,
Mark

Thank you

Isabella



_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
-- 
Directory Server Development Team
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)