I already tested it, and works as expected, Thanks.
On Tue, Oct 25, 2016 at 2:24 PM, Alberto Viana <[email protected]> wrote: > Mark, > > Thanks, I will try on it. > > One more question, and what about changing password through winsync plugin? > > On Tue, Oct 25, 2016 at 1:21 PM, Mark Reynolds <[email protected]> > wrote: > >> >> >> On 10/25/2016 11:10 AM, Mark Reynolds wrote: >> >> >> >> On 10/25/2016 10:37 AM, Alberto Viana wrote: >> >> Hello, >> >> Version >> 389-Directory/1.3.4.11 B2016.182.1718 >> >> I'm trying to implement password expiration policy with no sucess, I've >> changed my config: >> >> dn: cn=config >> changetype: modify >> replace: passwordExp >> passwordExp: on >> - >> replace: passwordMaxAge >> passwordMaxAge: 120 >> >> >> But after that I'm still able to bind with my(or any) user in 389. >> >> Am I missing something? Also, what attribute 389 uses to control that? I >> could not see any attribute in my user related to that. >> >> >> Additionally, make sure "passwordChange: on" is set in cn=config (so >> users can change their passwords) >> >> After setting this you must change the password in the entry (this sets >> the passwordexpirationtime operational attribute in the entry). >> >> I forgot to mention that you MUST change the password as the user, not >> "directory manager" or some admin account. Changing the password as >> directory manager will not set the passwordexpirationtime operational >> attribute in the entry (as Directory Manager bypasses password policy). >> >> Then the expiration time will be enforced on future logins for that >> entry. These settings do not work retroactively. >> >> Hope this helps, >> Mark >> >> >> All changes were based on this doc: >> https://access.redhat.com/documentation/en-US/Red_Hat_Direct >> ory_Server/9.0/html/Administration_Guide/User_Account_ >> Management.html#User_Account_Management-Managing_the_Password_Policy >> >> Thanks. >> >> >> >> _______________________________________________ >> 389-users mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> >> >> >> >> _______________________________________________ >> 389-users mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> >> >> >> _______________________________________________ >> 389-users mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> >> >
_______________________________________________ 389-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
