Hello,
Step 1:
I have created a replication agreement between an FDS (DS 1.1.3 on Fedora 8) server and a Windows 2003 Server (Active Directory).
Users' passwords are successfully synchronized.
Step 2:
I activated password policy in FDS and in AD.
Password policies are identical.
But some passwords are not synchronized between AD and FDS (in this direction only).
Error message in the log:
03/12/09 09:49:01: Ldap error in ModifyPassword
19: Constraint violation
03/12/09 09:49:01: Modify password failed for remote entry: uid=foobar,ou=people,dc=inrp,dc=fr
03/12/09 09:49:01: Deferring password change for foobar
Details of the password policy in FDS:
nsslapd-security: on
nsslapd-auditlog-logging-enabled: on
nsslapd-errorlog-level: 8192
nsslapd-pwpolicy-local: on
passwordMinLength: 8
passwordMinCategories: 3
passwordMinTokenLength: 2
passwordCheckSyntax: on
passwordMinAlphas: 0
passwordMinDigits: 0
passwordMaxAge: 63072000 (seconds = 730 days)
passwordExp: on
passwordHistory: on
passwordWarning: 0
passwordInHistory: 10
Details of the password policy in AD (I use "Windows Server 2003 Password Complexity Requirements"):
- Passwords cannot contain the user’s account name or parts of the user’s full name that exceed two consecutive characters.
- Passwords must be at least 6 characters in length.
- Passwords must contain characters from three of the following four categories:
  - English uppercase characters (A through Z).
  - English lowercase characters (a through z).
  - Base 10 digits (0 through 9).
  - Non-alphabetic characters (for example, !, $, #, %).
password history = 10
max age: 730 days
password min len: 8
Why do some of my users have problems (FDS does not accept the new Windows password)?
Regards
--
Hugo Étiévant
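
An added example, not part of the original message: a simplified Python model of the two policies as listed above, reporting which rules a candidate password trips on each side. The rule semantics (name tokenization, plaintext history comparison), the function names and the sample user values are assumptions made for illustration, not the servers' actual implementations.

```python
import re

# Numeric values are taken from the post; everything else is a simplified model.
FDS = {"min_length": 8, "min_categories": 3, "min_token_length": 2}
# AD: name parts that "exceed two consecutive characters" -> tokens of 3 or more.
AD = {"min_length": 8, "min_categories": 3, "min_token_length": 3}

def categories(pw):
    """Count character classes present: upper, lower, digit, non-alphanumeric."""
    tests = (str.isupper, str.islower, str.isdigit, lambda c: not c.isalnum())
    return sum(any(t(c) for c in pw) for t in tests)

def name_tokens(values, min_len):
    """Split name attribute values into lowercase tokens of at least min_len."""
    toks = set()
    for v in values:
        toks.update(t.lower() for t in re.split(r"[^0-9A-Za-z]+", v)
                    if len(t) >= min_len)
    return toks

def violations(pw, policy, name_values, history=()):
    """Return the list of rules this password breaks under one policy."""
    out = []
    if len(pw) < policy["min_length"]:
        out.append("length")
    if categories(pw) < policy["min_categories"]:
        out.append("categories")
    low = pw.lower()
    if any(t in low for t in name_tokens(name_values, policy["min_token_length"])):
        out.append("name-token")
    if pw in history:  # real servers compare stored hashes, not plaintext
        out.append("history")
    return out

def divergence(pw, name_values, fds_history=(), ad_history=()):
    """Evaluate one password against both sides to spot one-way rejections."""
    return {"AD": violations(pw, AD, name_values, ad_history),
            "FDS": violations(pw, FDS, name_values, fds_history)}

if __name__ == "__main__":
    user = ["jdoe", "Jo Doe"]  # constructed uid and full name
    # Two-character name token "jo": ignored by AD, matched by FDS.
    print(divergence("Major!Tom42", user))
    # Each server keeps its own history of 10, so the lists can differ.
    print(divergence("Winter#2009x", user, fds_history=["Winter#2009x"]))
```

A password that returns an empty list for AD and a non-empty list for FDS is a candidate for the one-way "Constraint violation" shown in the log.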