Hi,
I had another run at this recently and tracked it down to this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1139637
We were using the rpm package from the copr repo on CentOS6, we downgraded to the latest
389-ds-base package included in CentOS, and password expiration is working now.
Have a nice day,
Paul
On 2014-09-19 18:25, Mark Reynolds wrote:
On 09/19/2014 12:16 PM, Paul Tobias wrote:
> Hi guys,
>
> We need to implement password expiration because of some policy. The
> problem is users are not able to bind to ldap anymore, after I switch on
> password expiration for our ou=People subtree . The ldap command line
> tools and 389-console both just hang forever when trying to connect.
> This happens even when the user changes the password right before
> switching on the password expiration so the password cannot be expired
> yet. When I use the wrong password, then I get "ldap_bind: Invalid
> credentials (49)", but when I use the correct password, then it's just a
> hang. If I switch off password expiration then everything returns to
> normal again. I've followed the guide at
>
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8....
Hi Paul,
Password expiration does work. What exactly are you setting? Could you
enable the audit log, make your password configuration changes, and then
post the log?
Thanks,
Mark
>
> I've tried both 389ds 1.2.11.32 on CentOS 6 and 389ds 1.3.2.23 on Fedora
> 20 with the same results.
>
> Is password expiration working in 389ds at all?
>
> Thanks in advance,
> Paul Tobias
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org
>
https://admin.fedoraproject.org/mailman/listinfo/389-users