Yes, thanks! On Fri, Jun 7, 2019, 5:49 AM William Brown <wbr...@suse.de> wrote:
> > > > On 3 Jun 2019, at 19:13, Eric Freeman <efree...@gmail.com> wrote: > > > > After upgrading from 389 version 1.2.11.15-33.el6_5.x86_64 to > 1.2.11.15-97.el6_10.x86_64, we're finding that the Directory Manager > account can bypass configured password policies and set user passwords to > anything. I believe this is now by design, but is there a configuration > file flag to revert to the previous behavior where Directory Manager needed > to conform to the password policy? > > > > If not, how do we create a user account in 389 ldap server with rights > to check and update user password hashes, and still enforce configured > password policies? > > I would assume that you would give an account an aci that allows > targetAttr userPassword with the ability to write to them, and set the > scope to an ou/subtree of some nature. > > Does that help? > > > > > Please advise > > _______________________________________________ > > 389-users mailing list -- 389-users@lists.fedoraproject.org > > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org > > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org > > — > Sincerely, > > William Brown > > Senior Software Engineer, 389 Directory Server > SUSE Labs > _______________________________________________ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org >
_______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org