I already tested it, and works as expected,
Thanks.
On Tue, Oct 25, 2016 at 2:24 PM, Alberto Viana <albertocrj(a)gmail.com> wrote:
Mark,
Thanks, I will try on it.
One more question, and what about changing password through winsync plugin?
On Tue, Oct 25, 2016 at 1:21 PM, Mark Reynolds <mareynol(a)redhat.com>
wrote:
>
>
> On 10/25/2016 11:10 AM, Mark Reynolds wrote:
>
>
>
> On 10/25/2016 10:37 AM, Alberto Viana wrote:
>
> Hello,
>
> Version
> 389-Directory/1.3.4.11 B2016.182.1718
>
> I'm trying to implement password expiration policy with no sucess, I've
> changed my config:
>
> dn: cn=config
> changetype: modify
> replace: passwordExp
> passwordExp: on
> -
> replace: passwordMaxAge
> passwordMaxAge: 120
>
>
> But after that I'm still able to bind with my(or any) user in 389.
>
> Am I missing something? Also, what attribute 389 uses to control that? I
> could not see any attribute in my user related to that.
>
>
> Additionally, make sure "passwordChange: on" is set in cn=config (so
> users can change their passwords)
>
> After setting this you must change the password in the entry (this sets
> the passwordexpirationtime operational attribute in the entry).
>
> I forgot to mention that you MUST change the password as the user, not
> "directory manager" or some admin account. Changing the password as
> directory manager will not set the passwordexpirationtime operational
> attribute in the entry (as Directory Manager bypasses password policy).
>
> Then the expiration time will be enforced on future logins for that
> entry. These settings do not work retroactively.
>
> Hope this helps,
> Mark
>
>
> All changes were based on this doc:
>
https://access.redhat.com/documentation/en-US/Red_Hat_Direct
> ory_Server/9.0/html/Administration_Guide/User_Account_
> Management.html#User_Account_Management-Managing_the_Password_Policy
>
> Thanks.
>
>
>
> _______________________________________________
> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
>
>
>
>
> _______________________________________________
> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
>
>
>
> _______________________________________________
> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
>
>