On 10/25/2016 10:37 AM, Alberto Viana wrote:
Hello,

Version
389-Directory/1.3.4.11 B2016.182.1718

I'm trying to implement password expiration policy with no success. I've changed my config:

dn: cn=config
changetype: modify
replace: passwordExp
passwordExp: on
-
replace: passwordMaxAge
passwordMaxAge: 120


But after that I'm still able to bind with my (or any) user in 389.

Am I missing something? Also, what attribute does 389 use to control that? I could not see any attribute in my user related to that.

Additionally, make sure "passwordChange: on" is set in cn=config (so users can change their passwords).

After setting this you must change the password in the entry (this sets the passwordexpirationtime operational attribute in the entry).  Then the expiration time will be enforced on future logins for that entry.  These settings do not work retroactively.

Hope this helps,
Mark

All changes were based on this doc:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/User_Account_Management.html#User_Account_Management-Managing_the_Password_Policy

Thanks.
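
An added example, not part of the original thread: because the policy is not retroactive, an administrator can audit which entries are still without passwordExpirationTime and therefore not subject to expiration until their password is changed. It assumes LDIF search output in which passwordExpirationTime was requested by name (operational attributes are not returned otherwise); the sample entries, DNs and function names are constructed for illustration, and base64-encoded (`attr::`) values are not handled.

```python
from datetime import datetime, timezone

# Constructed sample of LDIF search output (not from the thread).
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
passwordExpirationTime: 20161025133900Z

dn: uid=bob,ou=People,dc=example,dc=com

dn: uid=carol-with-a-long-name,ou=People,
 dc=example,dc=com
passwordexpirationtime: 20170301000000Z
"""

def parse_ldif(text):
    """Return [(dn, {attr_lower: [values]})], unfolding continuation lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # LDIF folds long lines with one leading space
        else:
            lines.append(raw)
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if dn:
                entries.append((dn, attrs))
            dn, attrs = None, {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if name.lower() == "dn":
                dn = value.strip()
            else:
                attrs.setdefault(name.lower(), []).append(value.strip())
    return entries

def classify(entries, now):
    """Map each DN to 'not-enforced', 'expired' or 'valid'."""
    report = {}
    for dn, attrs in entries:
        values = attrs.get("passwordexpirationtime")
        if not values:
            report[dn] = "not-enforced"   # password set before the policy was enabled
            continue
        expires = datetime.strptime(values[0], "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
        report[dn] = "expired" if expires <= now else "valid"
    return report

if __name__ == "__main__":
    for dn, state in classify(parse_ldif(SAMPLE_LDIF), datetime.now(timezone.utc)).items():
        print(f"{state:13} {dn}")
```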


