On May 19, 2016, at 19:04, William Brown wibrown@redhat.com wrote:
It would be good to get a look at the object that is affected here. Can you show me: pwdpolicysubentry from the affected user entry?
Then can you also show the contents of the dn listed by that pwdpolicysubentry?
Is there anything in your error logs that looks suspicious?
William,
I believe this is what you’re looking for:
dn: cn=cn\3DnsPwPolicyEntry\2Cou\3Demployees\2Cdc\3Ddomain\2Cdc\3Dorg,cn=nsPw
 PolicyContainer,ou=employees,dc=domain,dc=org
objectClass: ldapsubentry
objectClass: passwordpolicy
objectClass: top
cn: cn=nsPwPolicyEntry,ou=employees,dc=domain,dc=org
passwordMustChange: off
passwordExp: off
passwordMinAge: 0
passwordChange: off
passwordCheckSyntax: on
passwordStorageScheme: ssha
passwordMaxRepeats: 0
passwordMinLength: 8
passwordMinAlphas: 0
passwordMinDigits: 0
passwordMinSpecials: 0
passwordMinLowers: 0
passwordMinCategories: 2
passwordMinUppers: 0
passwordMinTokenLength: 2
passwordMin8bit: 0
Here are some examples of setting passwords to shorter than 8 characters with corresponding logs. There is nothing (new) in errors:
[root@devldapm03 slapd-devldapm03]# ldapmodify -h localhost -D cn=directory\ manager -w pass
dn: uid=morgan,ou=employees,dc=domain,dc=org
changetype: modify
replace: userpassword
userpassword: 12345

modifying entry "uid=morgan,ou=employees,dc=domain,dc=org"

[root@devldapm03 slapd-devldapm03]#

[20/May/2016:18:16:42 -0400] conn=16 fd=68 slot=68 connection from 127.0.0.1 to 127.0.0.1
[20/May/2016:18:16:42 -0400] conn=16 op=0 BIND dn="cn=directory manager" method=128 version=3
[20/May/2016:18:16:42 -0400] conn=16 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[20/May/2016:18:17:05 -0400] conn=16 op=1 MOD dn="uid=morgan,ou=employees,dc=domain,dc=org"
[20/May/2016:18:17:05 -0400] conn=16 op=1 RESULT err=0 tag=103 nentries=0 etime=0domain

[root@devldapm03 slapd-devldapm03]# ldapmodify -h localhost -D uid=morgan,ou=employees,dc=domain,dc=org -w pass
dn: uid=morgan,ou=employees,dc=domain,dc=org
changetype: modify
replace: userpassword
userpassword: 123

modifying entry "uid=morgan,ou=employees,dc=domain,dc=org"

[root@devldapm03 slapd-devldapm03]#

[20/May/2016:18:26:29 -0400] conn=29 fd=68 slot=68 connection from 127.0.0.1 to 127.0.0.1
[20/May/2016:18:26:29 -0400] conn=29 op=0 BIND dn="uid=morgan,ou=employees,dc=domain,dc=org" method=128 version=3
[20/May/2016:18:26:29 -0400] conn=29 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=morgan,ou=employees,dc=domain,dc=org"
[20/May/2016:18:26:51 -0400] conn=29 op=1 MOD dn="uid=morgan,ou=employees,dc=domain,dc=org"
[20/May/2016:18:26:51 -0400] conn=29 op=1 RESULT err=0 tag=103 nentries=0 etime=0
thanks,
-morgan
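
Added example, not part of the original message or of the directory server's own tooling: a small Python correlator for the access-log format quoted above, which pairs each MOD with the identity bound on that connection and reports whether the change was made by the entry itself or by another DN. The function names and the `self_service` field are assumptions made for this illustration.

```python
import re

# Access-log lines taken from the message above (connection-open lines omitted).
SAMPLE_LOG = '''\
[20/May/2016:18:16:42 -0400] conn=16 op=0 BIND dn="cn=directory manager" method=128 version=3
[20/May/2016:18:16:42 -0400] conn=16 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[20/May/2016:18:17:05 -0400] conn=16 op=1 MOD dn="uid=morgan,ou=employees,dc=domain,dc=org"
[20/May/2016:18:17:05 -0400] conn=16 op=1 RESULT err=0 tag=103 nentries=0 etime=0domain
[20/May/2016:18:26:29 -0400] conn=29 op=0 BIND dn="uid=morgan,ou=employees,dc=domain,dc=org" method=128 version=3
[20/May/2016:18:26:29 -0400] conn=29 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=morgan,ou=employees,dc=domain,dc=org"
[20/May/2016:18:26:51 -0400] conn=29 op=1 MOD dn="uid=morgan,ou=employees,dc=domain,dc=org"
[20/May/2016:18:26:51 -0400] conn=29 op=1 RESULT err=0 tag=103 nentries=0 etime=0
'''

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) (?P<verb>[A-Z]+)(?P<rest>.*)$')
DN = re.compile(r'dn="([^"]*)"')
ERR = re.compile(r'\berr=(\d+)')

def norm_dn(dn):
    # Naive normalisation for comparison only; does not handle escaped commas.
    return ",".join(part.strip() for part in dn.lower().split(","))

def correlate_mods(log_text):
    """Return one record per completed MOD: timestamp, bound actor, target, result code."""
    bound, pending_bind, pending_mod, out = {}, {}, {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # connection-open lines and anything unrecognised
        key, dn = (m["conn"], m["op"]), DN.search(m["rest"])
        if m["verb"] == "BIND" and dn:
            pending_bind[key] = dn.group(1)
        elif m["verb"] == "MOD" and dn:
            pending_mod[key] = (m["ts"], dn.group(1))
        elif m["verb"] == "RESULT":
            err = ERR.search(m["rest"])
            code = int(err.group(1)) if err else None
            if key in pending_bind:
                who = pending_bind.pop(key)
                bound[m["conn"]] = who if code == 0 else None  # failed bind: no identity
            elif key in pending_mod:
                ts, target = pending_mod.pop(key)
                actor = bound.get(m["conn"]) or "<anonymous>"
                out.append({"ts": ts, "actor": actor, "target": target, "err": code,
                            "self_service": norm_dn(actor) == norm_dn(target)})
    return out

if __name__ == "__main__":
    for record in correlate_mods(SAMPLE_LOG):
        print(record)
```

The MOD lines quoted above carry only the target DN, so the output identifies who modified which entry and with what result, not which attribute was changed.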