Hi guys,
We need to implement password expiration because of some policy. The problem is users are not able to bind to ldap anymore, after I switch on password expiration for our ou=People subtree. The ldap command line tools and 389-console both just hang forever when trying to connect. This happens even when the user changes the password right before switching on the password expiration so the password cannot be expired yet. When I use the wrong password, then I get "ldap_bind: Invalid credentials (49)", but when I use the correct password, then it's just a hang. If I switch off password expiration then everything returns to normal again. I've followed the guide at https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/h...
I've tried both 389ds 1.2.11.32 on CentOS 6 and 389ds 1.3.2.23 on Fedora 20 with the same results.
Is password expiration working in 389ds at all?
Thanks in advance, Paul Tobias
On 09/19/2014 12:16 PM, Paul Tobias wrote:
> Hi guys,
> We need to implement password expiration because of some policy. The problem is users are not able to bind to ldap anymore, after I switch on password expiration for our ou=People subtree. The ldap command line tools and 389-console both just hang forever when trying to connect. This happens even when the user changes the password right before switching on the password expiration so the password cannot be expired yet. When I use the wrong password, then I get "ldap_bind: Invalid credentials (49)", but when I use the correct password, then it's just a hang. If I switch off password expiration then everything returns to normal again. I've followed the guide at https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/h...

Hi Paul,
Password expiration does work. What exactly are you setting? Could you enable the audit log, make your password configuration changes, and then post the log?
Thanks, Mark

> I've tried both 389ds 1.2.11.32 on CentOS 6 and 389ds 1.3.2.23 on Fedora 20 with the same results.
> Is password expiration working in 389ds at all?
> Thanks in advance, Paul Tobias
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

Hi,
I had another run at this recently and tracked it down to this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1139637
We were using the rpm package from the copr repo on CentOS6, we downgraded to the latest 389-ds-base package included in CentOS, and password expiration is working now.
Have a nice day, Paul

On 2014-09-19 18:25, Mark Reynolds wrote:
> On 09/19/2014 12:16 PM, Paul Tobias wrote:
>> Hi guys,
>> We need to implement password expiration because of some policy. The problem is users are not able to bind to ldap anymore, after I switch on password expiration for our ou=People subtree. The ldap command line tools and 389-console both just hang forever when trying to connect. This happens even when the user changes the password right before switching on the password expiration so the password cannot be expired yet. When I use the wrong password, then I get "ldap_bind: Invalid credentials (49)", but when I use the correct password, then it's just a hang. If I switch off password expiration then everything returns to normal again. I've followed the guide at https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/h...
>
> Hi Paul,
> Password expiration does work. What exactly are you setting? Could you enable the audit log, make your password configuration changes, and then post the log?
> Thanks, Mark
>
>> I've tried both 389ds 1.2.11.32 on CentOS 6 and 389ds 1.3.2.23 on Fedora 20 with the same results.
>> Is password expiration working in 389ds at all?
>> Thanks in advance, Paul Tobias