hello,

Step 1 :
A have create a replication agreement betwen a FDS (DS 1.1.3 on Fedora 8) server and a Windows 2003 Server (Active Directory).
User's passwords are successfully synchronized.

Step 2 :
I activated password policy in FDS and in AD.
Password policies are identical.

But some passwords are not synchronized betwen AD and FDS (in this way only).
error message in log :

03/12/09 09:49:01: Ldap error in ModifyPassword
    19: Constraint violation
03/12/09 09:49:01: Modify password failed for remote entry: uid=foobar,ou=people,dc=inrp,dc=fr
03/12/09 09:49:01: Deferring password change for foobar


details of password policy in FDS :

nsslapd-security: on
nsslapd-auditlog-logging-enabled: on
nsslapd-errorlog-level: 8192
nsslapd-pwpolicy-local: on
passwordMinLength: 8
passwordMinCategories: 3
passwordMinTokenLength: 2
passwordCheckSyntax: on
passwordMinAlphas: 0
passwordMinDigits: 0
passwordMaxAge: 63072000 (secondes = 730 days)
passwordExp: on
passwordHistory: on
passwordWarning: 0
passwordInHistory: 10

details of password policy in AD (i use "Windows Server 2003 Password Complexity Requirements") :

• Passwords cannot contain the user’s account name or parts of the user’s full name that exceed two consecutive characters.
• Passwords must be at least 6 characters in length.
• Passwords must contain characters from three of the following four categories:

1. English uppercase characters (A through Z).
2. English lowercase characters (a through z).
3. Base 10 digits (0 through 9).
4. Non-alphabetic characters (for example, !, $, #, %).

password history = 10
max age : 730 days
password min len : 8





Why some of my users ahve problems (FDS no not accept new Windows password) ?

regards

--
Hugo Étiévant