[389-users] Password Policy not working fine

Allan Gaston Hougham allanhougham at hotmail.com
Thu Dec 3 16:47:45 UTC 2009


Hi, thanks for your response,

We have Fedora-ds 1.2.2  2009.237.2054

Platform:

Linux zblhp36 2.6.18-8.1.14.el5 #1 SMP Tue Sep 25 11:45:55 EDT 2007 x86_64 x86_64 x86_64 GNU/Linux


At this time we can apply any policies, but "user must change password after reset" is not working, and neither is changing the password after it expires.

This is the error with this ldap.conf:

[root at yblhp35 openldap]# cat ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never
#use_sasl on
URI ldap://zblhp36.ml.com/
BASE dc=ml,dc=com
suffix "ou=Infraestructura,ou=Sistemas,ou=Tronador,ou=Argentina"
suffix "ou=Arquitectura,ou=Sistemas,ou=Tronador,ou=Argentina"
#TLS_CACERTDIR /etc/openldap/cacerts
#TLS_CACERT /etc/pki/tls/certs/ca-bundle.crt
TLS_REQCERT allow
bind_policy soft
ssl no
TLS_CACERTDIR /etc/openldap/cacerts
pam_password md5

ERROR:

WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user testsi.
Enter login(LDAP) password:
LDAP Password incorrect: try again
Enter login(LDAP) password:
New UNIX password:
Retype new UNIX password:

LDAP password information update failed: Server is unwilling to perform user is not allowed to change password

passwd: Permission denied

And this is the error with this ldap.conf:

[ahougham at dblvm32 ~]$ cat /etc/ldap.conf
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never
#use_sasl on

HOST 172.16.100.186 172.16.102.49
URI ldaps://172.16.100.186 ldaps://172.16.102.49
BASE dc=ml,dc=com
suffix "ou=Infraestructura,ou=Sistemas,ou=Tronador,ou=Argentina"
suffix "ou=Arquitectura,ou=Sistemas,ou=Tronador,ou=Argentina"
#TLS_CACERTDIR /etc/openldap/cacerts/
#TLS_CACERT /etc/pki/tls/certs/ca-bundle.crt
TLS_REQCERT allow
bind_policy soft
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
uri ldap://zblhp36.ml.com/
base dc=ml,dc=com
# Search the root DSE for the password policy (works
# with Netscape Directory Server)
pam_lookup_policy yes
# Use the OpenLDAP password change
# extended operation to update the password.
pam_password exop

WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user testsi.
Enter login(LDAP) password:
New UNIX password:
Retype new UNIX password:
LDAP password information update failed: Confidentiality required Operation requires a secure connection.

Thanks in advance!!!

Allan

> Date: Mon, 30 Nov 2009 08:11:51 -0700
> From: rmeggins at redhat.com
> To: fedora-directory-users at redhat.com
> Subject: Re: [389-users] Password Policy not working fine
> 
> Allan Gaston Hougham wrote:
> > Dears,
> > 
> > I have a problem with my password policies. I enabled "Enable 
> > fine-grained password policy" and applied it, but it is not working fine.
> > I followed the steps of the Administration Guide, page 364 -
> > 
> > *7.1.1.2. Configuring a Subtree/User Password Policy Using the Console*
> > 
> > But it's not working, I have that setting any more?
> > Can you help me?
> > 
> What is your platform? What version of directory server? rpm -qi 
> 389-ds-base (or fedora-ds-base)
> > 
> > Thanks a lot in advance!
> > 
> > Allan Hougham
> > 
> >
> > 
> 
> 
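
Added example, not part of the original post and not pam_ldap's or 389 Directory Server's own code: a small linter for an ldap.conf like the second one in the message above, reporting the transport settings a reviewer would check against the "Operation requires a secure connection" failure. The sample input is constructed from that file's active directives, and the rule that the last occurrence of a single-valued directive is the one in effect is an assumption.

```python
# Added example: lint an ldap.conf for the transport settings relevant to
# the password-change errors in the post. Not pam_ldap's own parser.

# Constructed sample: active directives from the second ldap.conf in the post.
SAMPLE = """\
URI ldaps://172.16.100.186 ldaps://172.16.102.49
TLS_REQCERT allow
ssl no
pam_password md5
uri ldap://zblhp36.ml.com/
pam_lookup_policy yes
pam_password exop
"""

def parse(text):
    """Map each directive (lower-cased) to its values in file order."""
    seen = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        seen.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return seen

def lint(text):
    """Return a list of (finding, detail) tuples."""
    conf, findings = parse(text), []
    # The same directive given different values: which one applies is easy to misread.
    for key, values in conf.items():
        if len(set(values)) > 1:
            findings.append(("conflicting-duplicate", key))
    # Assumption: for single-valued directives the last occurrence is in effect.
    last = lambda key, default="": conf.get(key, [default])[-1].lower()
    uris = [u for v in conf.get("uri", []) for u in v.split()]
    cleartext = [u for u in uris if u.lower().startswith("ldap://")]
    if cleartext and last("ssl") != "start_tls":
        findings.append(("cleartext-uri", cleartext[0]))
        # Password modify extended operation sent over an unprotected connection.
        if last("pam_password").startswith("exop"):
            findings.append(("exop-without-tls", "pam_password"))
    # 'allow' and 'never' let the session proceed with an unverified server certificate.
    if last("tls_reqcert") in ("allow", "never"):
        findings.append(("weak-cert-check", "tls_reqcert"))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding, sep=": ")
```
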