Mark, Thanks, I will try on it.
One more question, and what about changing password through winsync plugin? On Tue, Oct 25, 2016 at 1:21 PM, Mark Reynolds <[email protected]> wrote: > > > On 10/25/2016 11:10 AM, Mark Reynolds wrote: > > > > On 10/25/2016 10:37 AM, Alberto Viana wrote: > > Hello, > > Version > 389-Directory/1.3.4.11 B2016.182.1718 > > I'm trying to implement password expiration policy with no sucess, I've > changed my config: > > dn: cn=config > changetype: modify > replace: passwordExp > passwordExp: on > - > replace: passwordMaxAge > passwordMaxAge: 120 > > > But after that I'm still able to bind with my(or any) user in 389. > > Am I missing something? Also, what attribute 389 uses to control that? I > could not see any attribute in my user related to that. > > > Additionally, make sure "passwordChange: on" is set in cn=config (so users > can change their passwords) > > After setting this you must change the password in the entry (this sets > the passwordexpirationtime operational attribute in the entry). > > I forgot to mention that you MUST change the password as the user, not > "directory manager" or some admin account. Changing the password as > directory manager will not set the passwordexpirationtime operational > attribute in the entry (as Directory Manager bypasses password policy). > > Then the expiration time will be enforced on future logins for that > entry. These settings do not work retroactively. > > Hope this helps, > Mark > > > All changes were based on this doc: > https://access.redhat.com/documentation/en-US/Red_Hat_ > Directory_Server/9.0/html/Administration_Guide/User_ > Account_Management.html#User_Account_Management-Managing_ > the_Password_Policy > > Thanks. > > > > _______________________________________________ > 389-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > > > > > _______________________________________________ > 389-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > > > > _______________________________________________ > 389-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > >
_______________________________________________ 389-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
