[Fedora-directory-users] Re: password policy on FDS 1.0.2 - doesn't seem to work?
Philip Kime
pkime at Shopzilla.com
Sun Nov 12 00:17:04 UTC 2006
Many thanks for the reply, helpful as always!
> I'm not sure what PAM is doing here. You can always verify that you
are being properly > restricted on password syntax by using ldapmodify
or ldappasswd from the command line.
It seems not - ldappasswd doesn't enforce the policy whether I bind with
the user in question or Directory Manager. I've tried with subtree
policies and also user-only policies. If I try to change the password in
the GUI, the password policy works ok.
> This entry has objectclass ldapSubEntry, which means it is hidden from
normal searches.
Hmm, I wonder if PAM and ldappasswd are not finding the policies as a
result of this? There is nothing interesting in the access log - I can
see the extop password operation line but it doesn't say anything about
the filter used to look for password policy objects? Is there perhaps a
way to include ldapSubEntry objects in normal searches?
PK
More information about the 389-users
mailing list