Hi,

 

Hugo Étiévant,

 

I believe you configured the sub tree password policy through ns-newpwpolicy.pl script.

 

When you configure the global password policy it may override the sub tree password policy. So make sure that 'nsslapd-pwpolicy-local' is 'on' in cn=config entry of dse.ldif file to make the sub tree policy to work.

 

This attribute decides whether the local password policy is enabled or not. Anyways the execution of ns-newpwpolicy.pl script will turn this attribute value to 'on'.

 

However you cannot see any traces of sub tree  Password policy attributes by searching cn=config tree or in dse.ldif file. It will show only global password policy attributes.

 

You can see list of applied sub tree password policy attributes by performing a search like this.

 

/opt/dirsrv/bin/ldapsearch -v -h <host> -p <port> \

-D "<managerDN>" -w <passwd> -b <suffix>  objectclass=ldapsubentry

 

dn:cn="cn=nsPwPolicyEntry,ou=marketing,o=abc.com",cn=nsPwPolicyContainer,ou=marketing,o=abc.com

objectClass: top

objectClass: ldapsubentry

objectClass: passwordpolicy

cn: cn=nsPwPolicyEntry,ou=marketing,o=abc.com

passwordExp: off

passwordMaxAge: 10

passwordWarning: 15

passwordGraceLimit: 1

pwdpolicysubentry: cn="cn=nsPwPolicyEntry,ou=marketing,o=abc.com",cn=nsPwPolic

 yContainer,ou=marketing,o=abc.com

 

 

Regards,

ViSolve LDAP Team.

 

 

-----Original Message-----
From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Hugo Etievant
Sent: Wednesday, February 25, 2009 9:41 PM
To: General discussion list for the Fedora Directory server project.
Subject: [Fedora-directory-users] Password policy don't work on a subtree

 

hello,

 

version : Directory Server 1.1.3 on Fedora 8 64 bits plateform

 

When i configure a password policy on a subtree of my directory, this

policy do not works.

When i configure a global password policy, this global policy works but

ignore locals policy of subtrees.

 

when i look at the databases ldif backup, il do not find the

"passwordMinLength" attribute for local password policy for subtrees

but this attribut exists in dse ldif for the global policy !

 

how resolve this ?

 

regards

 

--

* Hugo Étiévant *

 

--

Fedora-directory-users mailing list

Fedora-directory-users@redhat.com

https://www.redhat.com/mailman/listinfo/fedora-directory-users