On May 19, 2016, at 19:04, William Brown <wibrown(a)redhat.com> wrote:
> It would be good to get a look at the object that is affected here. Can you show me:
> pwdpolicysubentry from the affected user entry?
> Then can you also show the contents of the dn listed by that pwdpolicysubentry?
> Is there anything in your error logs that looks suspicious?

William,
I believe this is what you’re looking for:
dn: cn=cn\3DnsPwPolicyEntry\2Cou\3Demployees\2Cdc\3Ddomain\2Cdc\3Dorg,cn=nsPwPolicyContainer,ou=employees,dc=domain,dc=org
objectClass: ldapsubentry
objectClass: passwordpolicy
objectClass: top
cn: cn=nsPwPolicyEntry,ou=employees,dc=domain,dc=org
passwordMustChange: off
passwordExp: off
passwordMinAge: 0
passwordChange: off
passwordCheckSyntax: on
passwordStorageScheme: ssha
passwordMaxRepeats: 0
passwordMinLength: 8
passwordMinAlphas: 0
passwordMinDigits: 0
passwordMinSpecials: 0
passwordMinLowers: 0
passwordMinCategories: 2
passwordMinUppers: 0
passwordMinTokenLength: 2
passwordMin8bit: 0
Here are some examples of setting passwords to shorter than 8 characters with
corresponding logs. There is nothing (new) in errors:
[root@devldapm03 slapd-devldapm03]# ldapmodify -h localhost -D cn=directory\ manager -w pass
dn: uid=morgan,ou=employees,dc=domain,dc=org
changetype: modify
replace: userpassword
userpassword: 12345
modifying entry "uid=morgan,ou=employees,dc=domain,dc=org"
[root@devldapm03 slapd-devldapm03]#
[20/May/2016:18:16:42 -0400] conn=16 fd=68 slot=68 connection from 127.0.0.1 to 127.0.0.1
[20/May/2016:18:16:42 -0400] conn=16 op=0 BIND dn="cn=directory manager" method=128 version=3
[20/May/2016:18:16:42 -0400] conn=16 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[20/May/2016:18:17:05 -0400] conn=16 op=1 MOD dn="uid=morgan,ou=employees,dc=domain,dc=org"
[20/May/2016:18:17:05 -0400] conn=16 op=1 RESULT err=0 tag=103 nentries=0 etime=0
[root@devldapm03 slapd-devldapm03]# ldapmodify -h localhost -D uid=morgan,ou=employees,dc=domain,dc=org -w pass
dn: uid=morgan,ou=employees,dc=domain,dc=org
changetype: modify
replace: userpassword
userpassword: 123
modifying entry "uid=morgan,ou=employees,dc=domain,dc=org"
[root@devldapm03 slapd-devldapm03]#
[20/May/2016:18:26:29 -0400] conn=29 fd=68 slot=68 connection from 127.0.0.1 to 127.0.0.1
[20/May/2016:18:26:29 -0400] conn=29 op=0 BIND dn="uid=morgan,ou=employees,dc=domain,dc=org" method=128 version=3
[20/May/2016:18:26:29 -0400] conn=29 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=morgan,ou=employees,dc=domain,dc=org"
[20/May/2016:18:26:51 -0400] conn=29 op=1 MOD dn="uid=morgan,ou=employees,dc=domain,dc=org"
[20/May/2016:18:26:51 -0400] conn=29 op=1 RESULT err=0 tag=103 nentries=0 etime=0
thanks,
-morgan
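
An added example, not part of the original message or of the 389 Directory Server project: a Python sketch that pairs each MOD in an access log with the identity bound on that connection and with its result code. That is the distinction between the two tests above, which ran under different bind DNs. The function name `correlate_mods` and the record fields are assumptions made for this illustration.

```python
import re
# Access-log lines copied from the message above, with wrapped lines rejoined.
SAMPLE_LOG = """\
[20/May/2016:18:16:42 -0400] conn=16 op=0 BIND dn="cn=directory manager" method=128 version=3
[20/May/2016:18:16:42 -0400] conn=16 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[20/May/2016:18:17:05 -0400] conn=16 op=1 MOD dn="uid=morgan,ou=employees,dc=domain,dc=org"
[20/May/2016:18:17:05 -0400] conn=16 op=1 RESULT err=0 tag=103 nentries=0 etime=0
[20/May/2016:18:26:29 -0400] conn=29 op=0 BIND dn="uid=morgan,ou=employees,dc=domain,dc=org" method=128 version=3
[20/May/2016:18:26:29 -0400] conn=29 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=morgan,ou=employees,dc=domain,dc=org"
[20/May/2016:18:26:51 -0400] conn=29 op=1 MOD dn="uid=morgan,ou=employees,dc=domain,dc=org"
[20/May/2016:18:26:51 -0400] conn=29 op=1 RESULT err=0 tag=103 nentries=0 etime=0
"""

LINE = re.compile(r'^\[([^\]]+)\] conn=(\d+) op=(-?\d+) (\w+)(.*)$')
DN = re.compile(r'dn="([^"]*)"')
ERR = re.compile(r'\berr=(-?\d+)')

def correlate_mods(log_text):
    """One record per completed MOD: bind identity, target entry, result code."""
    bound = {}    # conn -> DN of the last successful BIND on that connection
    pending = {}  # (conn, op) -> ("BIND", dn) or ("MOD", record) awaiting RESULT
    mods = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, conn, op, kind, rest = m.groups()
        dn, err = DN.search(rest), ERR.search(rest)
        if kind == "BIND" and dn:
            pending[(conn, op)] = ("BIND", dn.group(1))
        elif kind == "MOD" and dn:
            # The MOD line names only the entry, not the attribute changed.
            pending[(conn, op)] = ("MOD", {"time": ts, "conn": int(conn),
                                           "bound_as": bound.get(conn, ""),
                                           "target": dn.group(1)})
        elif kind == "RESULT" and err and (conn, op) in pending:
            what, data = pending.pop((conn, op))
            if what == "BIND":
                if err.group(1) == "0":
                    bound[conn] = data
            else:
                data["err"] = int(err.group(1))
                data["self_change"] = data["bound_as"].lower() == data["target"].lower()
                mods.append(data)
    return mods

if __name__ == "__main__":
    for rec in correlate_mods(SAMPLE_LOG):
        print(rec)
```

An empty `bound_as` means no successful BIND was seen on that connection before the MOD.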