[Fedora-directory-users] Password policy don't work on a subtree

Visolve LDAP Group ldapgroup at visolve.com
Thu Feb 26 04:25:05 UTC 2009

Hi,

Hugo Étiévant,

I believe you configured the subtree password policy through the
ns-newpwpolicy.pl script.

When you configure the global password policy it may override the subtree
password policy. So make sure that 'nsslapd-pwpolicy-local' is 'on' in the
cn=config entry of the dse.ldif file for the subtree policy to work.

This attribute decides whether the local password policy is enabled or not.
Anyway, executing the ns-newpwpolicy.pl script will turn this attribute
value to 'on'.

However, you cannot see any traces of subtree password policy attributes by
searching the cn=config tree or the dse.ldif file. It will show only global
password policy attributes.

You can see the list of applied subtree password policy attributes by
performing a search like this:

/opt/dirsrv/bin/ldapsearch -v -h <host> -p <port> \
-D "<managerDN>" -w <passwd> -b <suffix>  objectclass=ldapsubentry

dn:cn="cn=nsPwPolicyEntry,ou=marketing,o=abc.com",cn=nsPwPolicyContainer,ou=marketing,o=abc.com
objectClass: top
objectClass: ldapsubentry
objectClass: passwordpolicy
cn: cn=nsPwPolicyEntry,ou=marketing,o=abc.com
passwordExp: off
passwordMaxAge: 10
passwordWarning: 15
passwordGraceLimit: 1
pwdpolicysubentry: cn="cn=nsPwPolicyEntry,ou=marketing,o=abc.com",cn=nsPwPolicyContainer,ou=marketing,o=abc.com

Regards,
ViSolve LDAP Team.

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Hugo
Etievant
Sent: Wednesday, February 25, 2009 9:41 PM
To: General discussion list for the Fedora Directory server project.
Subject: [Fedora-directory-users] Password policy don't work on a subtree

Hello,

Version: Directory Server 1.1.3 on Fedora 8 64-bit platform

When I configure a password policy on a subtree of my directory, this
policy does not work.
When I configure a global password policy, this global policy works but
ignores the local policies of subtrees.

When I look at the database LDIF backup, I do not find the
"passwordMinLength" attribute for the local password policy for subtrees,
but this attribute exists in the dse LDIF for the global policy!

How do I resolve this?

Regards

-- 
* Hugo Étiévant *

--
Fedora-directory-users mailing list
Fedora-directory-users at redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
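
Added example (not part of the original thread and not the project's own tooling): the two checks described in the reply, run offline over LDIF text, including the line folding that splits long DNs in search output. The function names, the sample data and the cn=nsPwPolicy_cos entry are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. All LDIF below is constructed sample data; function names are
# hypothetical helpers, not part of Fedora Directory Server.

# Join RFC 2849 folded lines: a continuation line starts with a single space.
unfold_ldif() {
  awk '/^ / && seen { buf = buf substr($0, 2); next }
       { if (seen) print buf; buf = $0; seen = 1 }
       END { if (seen) print buf }'
}

# Print the nsslapd-pwpolicy-local value from the cn=config entry, or "unset".
pwpolicy_local_state() {
  unfold_ldif | awk '
    /^$/ { in_cfg = 0; next }
    tolower($0) ~ /^dn:[ ]*cn=config$/ { in_cfg = 1; next }
    in_cfg && tolower($1) == "nsslapd-pwpolicy-local:" { v = tolower($2); exit }
    END { print (v == "" ? "unset" : v) }'
}

# From "objectclass=ldapsubentry" search output, print one line per entry that
# is also a passwordpolicy: "<dn> | attr=value ...".
list_subtree_policies() {
  unfold_ldif | awk '
    function emit() {
      if (is_sub && is_pol) print dn " | " attrs
      dn = ""; attrs = ""; is_sub = 0; is_pol = 0
    }
    /^$/ { emit(); next }
    /^dn:/ { dn = $0; sub(/^dn:[ ]*/, "", dn); next }
    tolower($0) ~ /^objectclass:[ ]*ldapsubentry$/ { is_sub = 1; next }
    tolower($0) ~ /^objectclass:[ ]*passwordpolicy$/ { is_pol = 1; next }
    /^password[A-Za-z]*:/ { a = $0; sub(/:[ ]*/, "=", a); attrs = attrs (attrs == "" ? "" : " ") a }
    END { emit() }'
}

sample_dse() { printf '%s\n' 'dn: cn=config' 'objectClass: top' \
  'nsslapd-pwpolicy-local: on' 'passwordMinLength: 8'; }

sample_search() { printf '%s\n' \
  'dn: cn="cn=nsPwPolicyEntry,ou=marketing,o=abc.com",cn=nsPwPolicyContainer,ou=' \
  ' marketing,o=abc.com' \
  'objectClass: ldapsubentry' 'objectClass: passwordpolicy' \
  'passwordExp: off' 'passwordMaxAge: 10' '' \
  'dn: cn=nsPwPolicy_cos,ou=marketing,o=abc.com' \
  'objectClass: ldapsubentry' 'objectClass: cosSuperDefinition'; }

sample_dse | pwpolicy_local_state
sample_search | list_subtree_policies
```

On a real server, feed pwpolicy_local_state the contents of dse.ldif and pipe the ldapsearch output from the reply into list_subtree_policies.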
