Hi,
Anyone? I really need some help on this.
Thanks
On Fri, Nov 4, 2016 at 1:01 PM, Alberto Viana <albertocrj(a)gmail.com> wrote:
Hi,
Just to explain better what I need:
Enforce a global password policy with password expiration but disable it for
some specific OUs (just disable the password expiration).
On Fri, Nov 4, 2016 at 12:54 PM, Alberto Viana <albertocrj(a)gmail.com>
wrote:
> Hi,
>
> 389-ds: 1.3.4.11
>
> What I Need:
>
> Enforce a global password policy but disable it for some specific OUs.
>
> Doc:
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html-single/Administration_Guide/index.html#User_Account_Management-Managing_the_Password_Policy
>
> Everything was working fine, but I realized that the specific OU for which I
> created a local policy started to store user passwords as plaintext:
>
> I created the local policy using the script ns-newpwpolicy.pl as below:
>
> /opt/dirsrv/sbin/ns-newpwpolicy.pl -v -D "cn=Directory Manager" -w
> my_manager_pass -S OU=testing,dc=homolog,dc=rnp
>
> Here's my config:
>
> nsslapd-pwpolicy-local: on (under cn=config)
>
> Double checked using 389 console that under this OU, "Fine-grained
> subtree policy enabled" is set on.
>
>
> ldapsearch -b 'cn="cn=nsPwTemplateEntry,OU=testing,dc=homolog,dc=rnp",cn=nsPwPolicyContainer,OU=testing,dc=homolog,dc=rnp' -D "cn=Directory Manager" -x -W '(objectclass=ldapsubentry)'
> # extended LDIF
> #
> # LDAPv3
> # base <cn="cn=nsPwTemplateEntry,OU=testing,dc=homolog,dc=rnp",cn=nsPwPolicyContainer,OU=testing,dc=homolog,dc=rnp> with scope subtree
> # filter: (objectclass=ldapsubentry)
> # requesting: ALL
> #
>
> # cn\3DnsPwTemplateEntry\2COU\3Dtesting\2Cdc\3Dhomolog\2Cdc\3Drnp, nsPwPolicyContainer, testing, homolog.rnp
> dn: cn=cn\3DnsPwTemplateEntry\2COU\3Dtesting\2Cdc\3Dhomolog\2Cdc\3Drnp,cn=nsPwPolicyContainer,OU=testing,dc=homolog,dc=rnp
> passwordStorageScheme: SSHA
> passwordChange: off
> passwordMaxAge: 8640000
> passwordExp: off
> objectClass: top
> objectClass: extensibleObject
> objectClass: costemplate
> objectClass: ldapsubentry
> cosPriority: 1
> cn: cn=nsPwTemplateEntry,OU=testing,dc=homolog,dc=rnp
>
>
>
> A user entry on this OU:
>
> dn: uid=app-test,OU=testing,dc=homolog,dc=rnp
> userPassword:: MXEydzNlNHI=
> ntUserLastLogon: 131219776403276312
> objectClass: top
> objectClass: person
> objectClass: organizationalperson
> objectClass: inetOrgPerson
>
>
> Am I missing something?
>
> Thanks
>
> Alberto Viana
>
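
A way to audit an LDIF export for the symptom described in this thread, added here as an example and not part of the original messages: it decodes each `userPassword` value and reports entries that lack a `{SCHEME}` storage prefix such as `{SSHA}`. The function names, the second sample entry and the choice to treat a `{CLEAR}` prefix as unhashed are assumptions of this example.

```python
import base64
import re

SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9_-]+)\}")  # e.g. {SSHA}
UNHASHED = {None, "CLEAR"}  # assumption: a {CLEAR} prefix also means cleartext

# Constructed sample: the first entry is the one quoted in the post; the second
# is made up, holds a placeholder (not a real hash) and is folded like LDIF.
B64_SAMPLE = base64.b64encode(b"{SSHA}constructed-placeholder-not-a-real-hash").decode()
SAMPLE_LDIF = (
    "dn: uid=app-test,OU=testing,dc=homolog,dc=rnp\n"
    "userPassword:: MXEydzNlNHI=\n"
    "\n"
    "dn: uid=hashed-example,OU=testing,dc=homolog,dc=rnp\n"
    f"userPassword:: {B64_SAMPLE[:12]}\n {B64_SAMPLE[12:]}\n"
)

def unfold(ldif):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def password_schemes(ldif):
    """Return [(dn, scheme)] per userPassword value; scheme is None if unprefixed.

    "attr:: value" carries base64, "attr: value" carries the raw string.
    """
    results, dn = [], None
    for line in unfold(ldif):
        name, sep, rest = line.partition(":")
        name = name.strip().lower()
        if line.startswith("#") or not sep or name not in ("dn", "userpassword"):
            continue
        value = base64.b64decode(rest[1:].strip()) if rest.startswith(":") else rest.strip().encode()
        if name == "dn":
            dn = value.decode("utf-8", "replace")
        else:
            m = SCHEME_RE.match(value)
            results.append((dn, m.group(1).decode().upper() if m else None))
    return results

def unhashed_entries(ldif):
    """DNs whose stored userPassword is not marked with a hashing scheme."""
    return [dn for dn, scheme in password_schemes(ldif) if scheme in UNHASHED]
```

The value itself is never printed or returned, only the DN and the scheme name, so the output of the check can be shared in a ticket or mail.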