Re: [389-users] How to get password expiration working?

On 09/19/2014 12:16 PM, Paul Tobias wrote: > Hi guys, > > We need to implement password expiration because of some policy. The > problem is users are not able to bind to ldap anymore, after I switch on > password expiration for our ou=People subtree . The ldap command line > tools and 389-console both just hang forever when trying to connect. > This happens even when the user changes the password right before > switching on the password expiration so the password cannot be expired > yet. When I use the wrong password, then I get "ldap_bind: Invalid > credentials (49)", but when I use the correct password, then it's just a > hang. If I switch off password expiration then everything returns to > normal again. I've followed the guide at > https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.... Hi Paul, Password expiration does work. What exactly are you setting? Could you enable the audit log, make your password configuration changes, and then post the log? Thanks, Mark > > I've tried both 389ds 1.2.11.32 on CentOS 6 and 389ds 1.3.2.23 on Fedora > 20 with the same results. > > Is password expiration working in 389ds at all? > > Thanks in advance, > Paul Tobias > -- > 389 users mailing list > 389-users(a)lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users