Thanks Nathan,<br><br>I missed that entirely<br><br>Ide<br><br><div class="gmail_quote">2010/10/29 Nathan Kinder <span dir="ltr">&lt;<a href="mailto:nkinder@redhat.com">nkinder@redhat.com</a>&gt;</span><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">



  

<div bgcolor="#ffffff" text="#000000"><div class="im">
On 10/29/2010 08:28 AM, Uzor Ide wrote:
<blockquote type="cite">
  <div class="gmail_quote"><br>
Hi <br>
  <br>
We have a need for 389 directory to store passwords in clear text in a
given subtree. I have used the console to configure the password policy and
chose CLEAR for the encryption scheme under passwordStorageScheme, yet
the passwords are still SSHA encrypted. Is there anything else that I
should do?<br>
  </div>
</blockquote></div>
You need to check the &quot;Enable fine-grained password policies&quot; checkbox
in the global password policy section in the Console.<br>
<blockquote type="cite"><div><div></div><div class="h5">
  <div class="gmail_quote"><br>
# entry-id: 11<br>
dn: cn=users,cn=subscribers,dc=ourcompany,dc=com<br>
objectClass: top<br>
objectClass: nsContainer<br>
cn: users<br>
  <br>
# entry-id: 14<br>
dn: cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,dc=com<br>
objectClass: nsContainer<br>
objectClass: top<br>
cn: nsPwPolicyContainer<br>
  <br>
# entry-id: 15<br>
dn:
cn=cn\3DnsPwPolicyEntry\2Ccn\3Dusers\2Ccn\3Dsubscribers\2Cdc\3Dourcompany\2Cdc\<br>
 3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,dc=com<br>
objectClass: ldapsubentry<br>
objectClass: passwordpolicy<br>
objectClass: top<br>
cn: cn=nsPwPolicyEntry,cn=users,cn=subscribers,dc=ourcompany,dc=com<br>
passwordMustChange: off<br>
passwordExp: off<br>
passwordHistory: on<br>
passwordMinAge: 0<br>
passwordChange: off<br>
passwordStorageScheme: clear<br>
passwordInHistory: 3<br>
passwordLockout: on<br>
passwordLockoutDuration: 21600<br>
passwordResetFailureCount: 1800<br>
passwordUnlock: on<br>
passwordMaxFailure: 3<br>
  <br>
# entry-id: 16<br>
dn:
cn=cn\3DnsPwTemplateEntry\2Ccn\3Dusers\2Ccn\3Dsubscribers\2Cdc\3Dourcompany\2Cd<br>
 c\3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,dc=com<br>
objectClass: extensibleObject<br>
objectClass: costemplate<br>
objectClass: ldapsubentry<br>
objectClass: top<br>
cosPriority: 1<br>
pwdpolicysubentry:
cn=cn\3DnsPwPolicyEntry\2Ccn\3Dusers\2Ccn\3Dsubscribers\2Cdc\3<br>
 Dourcompany\2Cdc\3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany<br>
 ,dc=com<br>
cn: cn=nsPwTemplateEntry,cn=users,cn=subscribers,dc=ourcompany,dc=com<br>
  <br>
# entry-id: 17<br>
dn: cn=nsPwPolicy_CoS,cn=users,cn=subscribers,dc=ourcompany,dc=com<br>
objectClass: ldapsubentry<br>
objectClass: cosSuperDefinition<br>
objectClass: cosPointerDefinition<br>
objectClass: top<br>
costemplatedn:
cn=cn\3DnsPwTemplateEntry\2Ccn\3Dusers\2Ccn\3Dsubscribers\2Cdc\3Do<br>
 urcompany\2Cdc\3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,d<br>
 c=com<br>
cosAttribute: pwdpolicysubentry default operational-default<br>
cn: nsPwPolicy_CoS<br>
  <br>
# entry-id: 18<br>
dn: uid=testuser,cn=users,cn=subscribers,dc=ourcompany,dc=com<br>
givenName: U-da-man<br>
uidNumber: 501<br>
gidNumber: 501<br>
objectClass: top<br>
objectClass: person<br>
objectClass: organizationalPerson<br>
objectClass: inetorgperson<br>
objectClass: account<br>
objectClass: radiusprofile<br>
uid: testuser<br>
userPassword: {SSHA}HBk8h1pkgsUocxUgPF+HNeuHF1LgYaI99co6Aw==<br>
radiusFramedMTU: 1400<br>
radiusGroupName: local<br>
radiusHuntgroupName: vpn.ourcompany.com<br>
radiusRealm: vpn.ourcompany.com<br>
radiusServiceType: Framed-User<br>
radiusFilterId: std.ppp<br>
passwordGraceUserTime: 0<br>
dialupAccess: yes<br>
  <br>
There is also an attribute pwdpolicysubentry:
cn=cn\3DnsPwPolicyEntry\2Ccn\3Dusers\2Ccn\3Daccounts\2Cdc\3Dourcompany\2Cdc\3Dcom,cn=nsPwPolicyContainer,cn=users,cn=accounts,dc=ourcompany,dc=com
  <br>
that shows up in the testuser&#39;s profile from the console that does not
show up in the ldif dump.<br>
  <br>
Please help. I have followed the Red Hat Directory 8.2 documentation.<br>
  <br>
thanks<br>
  <br>
  </div>
  <br>
  </div></div><pre>
--
389 users mailing list
<a href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.org</a>
<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>
</blockquote>
<br>
</div>

</blockquote></div><br>
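The symptom in this thread (a subtree policy with passwordStorageScheme: clear while userPassword still carries an {SSHA} prefix) can be checked for directly in an LDIF export. The script below is an added example, not code from the thread or from the 389 project; it assumes the layout shown in the dump (the policy entry sits under cn=nsPwPolicyContainer,&lt;subtree&gt;), and the sample LDIF, including the placeholder hash, is constructed.

```python
import base64
import re

# Constructed sample modelled on the dump in the thread (hash is a placeholder).
SAMPLE_LDIF = r"""dn: cn=cn\3DnsPwPolicyEntry\2Ccn\3Dusers\2Cdc\3Dexample\2Cdc\3Dcom,cn=nsPwPol
 icyContainer,cn=users,dc=example,dc=com
objectClass: passwordpolicy
passwordStorageScheme: clear

dn: uid=testuser,cn=users,dc=example,dc=com
userPassword: {SSHA}PLACEHOLDERHASH==

dn: uid=other,cn=users,dc=example,dc=com
userPassword:: c2VjcmV0
"""

def parse_ldif(text):
    """Unfold folded lines, then return one {attr: [values]} dict per entry."""
    text = re.sub(r"\n ", "", text)  # LDIF folding: newline + single space
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def stored_scheme(value):
    m = re.match(r"\{([A-Za-z0-9-]+)\}", value)
    return m.group(1).lower() if m else "clear"  # assumption: no prefix = cleartext

def audit(entries):
    """Return (user_dn, policy_scheme, stored_scheme) for every mismatch."""
    marker = "cn=nspwpolicycontainer,"
    policies = {}  # subtree DN -> scheme set by its local policy entry
    for e in entries:
        dn = e["dn"][0].lower()
        if "passwordstoragescheme" in e and marker in dn:
            policies[dn.split(marker, 1)[1]] = e["passwordstoragescheme"][0].lower()
    return [(e["dn"][0], wanted, stored_scheme(pw))
            for e in entries for subtree, wanted in policies.items()
            if e["dn"][0].lower().endswith("," + subtree)
            for pw in e.get("userpassword", []) if stored_scheme(pw) != wanted]
```

A mismatch does not by itself prove the policy is being ignored: the storage scheme is applied when a password is set, so a value written before the policy took effect keeps its old prefix until the password is changed.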