Hi Mark,
I already have this configuration but stopped to working after I
enabled my password policy. Another thing is the error changed, its
not the same when was missing prehashed config and my password was set
to off.
When you turn syntax checking on then Password Admin functionally
breaks, correct? If so, it sounds like a bug then. Please file a
ticket with the exact steps to reproduce the problem.
On Wed, Sep 26, 2018, 16:47 Mark Reynolds <mreynolds(a)redhat.com
<mailto:mreynolds@redhat.com>> wrote:
Hi Alberto,
Only Directory Manager or a Password Admin can add pre-hashed
passwords. It has nothing to do with password policy settings.
For more on password admins see:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10...
HTH,
Mark
On 09/26/2018 02:31 PM, Alberto Viana wrote:
> I have a password applied globally like this:
>
> dn:
> cn=cn\3DnsPwPolicyEntry\2CDC\3Dmy\2CDC\3Ddomain,cn=nsPwPolicyContainer,dc=
> my,dc=domain
> passwordLockout: off
> passwordGraceLimit: 50
> passwordWarning: 86400
> passwordInHistory: 3
> passwordMinLength: 8
> passwordMinCategories: 3
> passwordStorageScheme: SSHA512
> passwordChange: on
> passwordMaxAge: 31536000
> passwordCheckSyntax: on
> passwordExp: on
> objectClass: top
> objectClass: ldapsubentry
> objectClass: passwordpolicy
> cn: cn=nsPwPolicyEntry,DC=my,DC=domain
>
> In a sub OU, I have this policy:
>
> #
> cn\3DnsPwPolicyEntry\2Cou\3DPOPS\2COU\3DEXTERNOS\2Cou\3Dmy\2Cdc\3Dmy\2Cdc\3
> Ddomain, nsPwPolicyContainer, POPS, EXTERNOS, my, my.domain
> dn:
> cn=cn\3DnsPwPolicyEntry\2Cou\3DPOPS\2COU\3DEXTERNOS\2Cou\3Dmy\2Cdc\3Dmy\
> 2Cdc\3Ddomain,cn=nsPwPolicyContainer,ou=POPS,OU=EXTERNOS,ou=my,dc=my,dc=domain
> passwordLockout: off
> passwordGraceLimit: 50
> passwordStorageScheme: SSHA
> passwordChange: on
> passwordMaxAge: 31536000
> passwordCheckSyntax: off
> passwordExp: off
> objectClass: top
> objectClass: ldapsubentry
> objectClass: passwordpolicy
> cn: cn=nsPwPolicyEntry,ou=POPS,OU=EXTERNOS,dc=my,dc=domain
>
> But when I try to add a prehashed password on this sub OU, I see
> this kind of error:
> LDAP: error code 19 - invalid password syntax - passwords with
> storage scheme are not allowed
>
> Is this an expected behavior even if in sub OU I have an password
> policy with passwordCheckSyntax set to off? If so, do I have any
> way to disable this behavior? (but I can not disable my global
> password policy)
>
> PS: The password policy is respecting the fact of
> passwordCheckSyntax is set to off when I try to add a simple
> password like '1234'.
>
>
> _______________________________________________
> 389-users mailing list --389-users(a)lists.fedoraproject.org
> <mailto:389-users@lists.fedoraproject.org>
> To unsubscribe send an email to389-users-leave(a)lists.fedoraproject.org
> <mailto:389-users-leave@lists.fedoraproject.org>
> Fedora Code of
Conduct:https://getfedora.org/code-of-conduct.html
> List
Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines
> List
Archives:https://lists.fedoraproject.org/archives/list/389-users@lists.fe...
_______________________________________________
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...