Hi
We have a need for 389 directory to store passwords in clear text in a given subtree. I have used the console to configure the password policy and chose CLEAR for the encryption scheme under passwordStorageScheme, yet the passwords are still SSHA encrypted. Is there anything else that I should do?
# entry-id: 11
dn: cn=users,cn=subscribers,dc=ourcompany,dc=com
objectClass: top
objectClass: nsContainer
cn: users

# entry-id: 14
dn: cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,dc=com
objectClass: nsContainer
objectClass: top
cn: nsPwPolicyContainer

# entry-id: 15
dn: cn=cn\3DnsPwPolicyEntry\2Ccn\3Dusers\2Ccn\3Dsubscribers\2Cdc\3Dourcompany\2Cdc\3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,dc=com
objectClass: ldapsubentry
objectClass: passwordpolicy
objectClass: top
cn: cn=nsPwPolicyEntry,cn=users,cn=subscribers,dc=ourcompany,dc=com
passwordMustChange: off
passwordExp: off
passwordHistory: on
passwordMinAge: 0
passwordChange: off
passwordStorageScheme: clear
passwordInHistory: 3
passwordLockout: on
passwordLockoutDuration: 21600
passwordResetFailureCount: 1800
passwordUnlock: on
passwordMaxFailure: 3

# entry-id: 16
dn: cn=cn\3DnsPwTemplateEntry\2Ccn\3Dusers\2Ccn\3Dsubscribers\2Cdc\3Dourcompany\2Cdc\3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,dc=com
objectClass: extensibleObject
objectClass: costemplate
objectClass: ldapsubentry
objectClass: top
cosPriority: 1
pwdpolicysubentry: cn=cn\3DnsPwPolicyEntry\2Ccn\3Dusers\2Ccn\3Dsubscribers\2Cdc\3Dourcompany\2Cdc\3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,dc=com
cn: cn=nsPwTemplateEntry,cn=users,cn=subscribers,dc=ourcompany,dc=com

# entry-id: 17
dn: cn=nsPwPolicy_CoS,cn=users,cn=subscribers,dc=ourcompany,dc=com
objectClass: ldapsubentry
objectClass: cosSuperDefinition
objectClass: cosPointerDefinition
objectClass: top
costemplatedn: cn=cn\3DnsPwTemplateEntry\2Ccn\3Dusers\2Ccn\3Dsubscribers\2Cdc\3Dourcompany\2Cdc\3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,dc=com
cosAttribute: pwdpolicysubentry default operational-default
cn: nsPwPolicy_CoS

# entry-id: 18
dn: uid=testuser,cn=users,cn=subscribers,dc=ourcompany,dc=com
givenName: U-da-man
uidNumber: 501
gidNumber: 501
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: account
objectClass: radiusprofile
uid: testuser
userPassword: {SSHA}HBk8h1pkgsUocxUgPF+HNeuHF1LgYaI99co6Aw==
radiusFramedMTU: 1400
radiusGroupName: local
radiusHuntgroupName: vpn.ourcompany.com
radiusRealm: vpn.ourcompany.com
radiusServiceType: Framed-User
radiusFilterId: std.ppp
passwordGraceUserTime: 0
dialupAccess: yes

There is also an attribute pwdpolicysubentry: cn=cn\3DnsPwPolicyEntry\2Ccn\3Dusers\2Ccn\3Daccounts\2Cdc\3Dourcompany\2Cdc\3Dcom,cn=nsPwPolicyContainer,cn=users,cn=accounts,dc=ourcompany,dc=com
that shows up in the testuser's profile from the console that does not show up in the ldif dump.
Please help. I have followed the documentation for Red Hat Directory 8.2.
thanks
On 10/29/2010 08:28 AM, Uzor Ide wrote:
> Hi
> we have a need for 389 directory to store password in clear text, in given subtree. I have used the console to configure password policy and chose CLEAR for the encryption scheme under passwordStorageScheme, yet the passwords are still SSHA encrypted. Is there any other thing that I should do.
You need to check the "Enable fine-grained password policies" checkbox in the global password policy section in the Console.
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
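To check whether a subtree policy's passwordStorageScheme is actually being applied once fine-grained policies are enabled, the following added example (not code from the thread or from the 389 project) parses an LDIF export, unfolds continuation lines and base64 values, and compares each userPassword scheme prefix with the policy entry. The sample LDIF is constructed, and the script assumes the export contains a single password policy entry.

```python
import base64
import re

# Constructed sample export (not data from the thread).
SAMPLE_LDIF = """\
dn: cn=policy,cn=nsPwPolicyContainer,cn=users,dc=example,dc=com
objectClass: passwordpolicy
passwordStorageScheme: clear

dn: uid=alice,cn=users,dc=example,dc=com
userPassword: {SSHA}Q09OU1RSVUNURUQ=

dn: uid=bob,cn=users,dc=example,dc=com
userPassword:: cGxhaW4t
 c2VjcmV0
"""

def parse_ldif(text):
    """Return entries as {lowercased attribute: [values]}."""
    text = re.sub(r"\r?\n ", "", text)  # LDIF folding: newline + one space
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            m = re.match(r"([^:#][^:]*)(::?)\s*(.*)", line)
            if not m:
                continue  # comment or unsupported line form
            attr, sep, value = m.groups()
            if sep == "::":  # base64-encoded value
                value = base64.b64decode(value).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries

def storage_scheme(value):
    """Scheme name from a {SCHEME} prefix; no prefix means clear text."""
    m = re.match(r"\{([A-Za-z0-9_-]+)\}", value)
    return m.group(1).upper() if m else "CLEAR"

def audit(entries):
    """Return (policy scheme, {dn: stored scheme}, {dn: scheme} that differ)."""
    policy = next((e for e in entries if "passwordstoragescheme" in e), None)
    expected = policy["passwordstoragescheme"][0].upper() if policy else None
    found = {e["dn"][0]: storage_scheme(pw)
             for e in entries for pw in e.get("userpassword", [])}
    mismatched = {dn: s for dn, s in found.items() if expected and s != expected}
    return expected, found, mismatched

if __name__ == "__main__":
    print(audit(parse_ldif(SAMPLE_LDIF)))
```

A stored password keeps the scheme it was written with until it is changed, so run the check after resetting a test account's password.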
Thanks Nathan,
I missed that entirely
Ide
2010/10/29 Nathan Kinder nkinder@redhat.com
You need to check the "Enable fine-grained password policies" checkbox in the global password policy section in the Console.