Hi,

Just to explain better what I need:

Enforce a global password policy with password expiration, but disable it for some specific OUs (just disable the password expiration).

On Fri, Nov 4, 2016 at 12:54 PM, Alberto Viana <[email protected]> wrote:
> Hi,
>
> 389-ds: 1.3.4.11
>
> What I Need:
>
> Enforce a global password policy but disable it for some specific OUs.
>
> Doc: https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html-single/Administration_Guide/index.html#User_Account_Management-Managing_the_Password_Policy
>
> Everything was working fine, but I realized that the specific OU that I
> created a local policy for started to store user passwords as plaintext:
>
> I created the local policy using the script ns-newpwpolicy.pl as below:
>
> /opt/dirsrv/sbin/ns-newpwpolicy.pl -v -D "cn=Directory Manager" -w my_manager_pass -S OU=testing,dc=homolog,dc=rnp
>
> Here's my config:
>
> nsslapd-pwpolicy-local: on (under cn=config)
>
> Double checked using 389 console that under this OU, "Fine-grained subtree
> policy enabled" is set on.
>
> ldapsearch -b 'cn="cn=nsPwTemplateEntry,OU=testing,dc=homolog,dc=rnp",cn=nsPwPolicyContainer,OU=testing,dc=homolog,dc=rnp' -D "cn=Directory Manager" -x -W '(objectclass=ldapsubentry)'
> # extended LDIF
> #
> # LDAPv3
> # base <cn="cn=nsPwTemplateEntry,OU=testing,dc=homolog,dc=rnp",cn=nsPwPolicyContainer,OU=testing,dc=homolog,dc=rnp> with scope subtree
> # filter: (objectclass=ldapsubentry)
> # requesting: ALL
> #
>
> # cn\3DnsPwTemplateEntry\2COU\3Dtesting\2Cdc\3Dhomolog\2Cdc\3Drnp, nsPwPol
>  icyContainer, testing, homolog.rnp
> dn: cn=cn\3DnsPwTemplateEntry\2COU\3Dtesting\2Cdc\3Dhomolog\2Cdc\3Drnp,cn=n
>  sPwPolicyContainer,OU=testing,dc=homolog,dc=rnp
> passwordStorageScheme: SSHA
> passwordChange: off
> passwordMaxAge: 8640000
> passwordExp: off
> objectClass: top
> objectClass: extensibleObject
> objectClass: costemplate
> objectClass: ldapsubentry
> cosPriority: 1
> cn: cn=nsPwTemplateEntry,OU=testing,dc=homolog,dc=rnp
>
> A user entry on this OU:
>
> dn: uid=app-test,OU=testing,dc=homolog,dc=rnp
> userPassword:: MXEydzNlNHI=
> ntUserLastLogon: 131219776403276312
> objectClass: top
> objectClass: person
> objectClass: organizationalperson
> objectClass: inetOrgPerson
>
> Am I missing something?
>
> Thanks
>
> Alberto Viana
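An added example, not part of the original thread and not 389-ds code: a check over an LDIF export that lists entries whose userPassword value carries no storage-scheme prefix, the symptom described in the message above. The sample LDIF, its DNs and the function names are constructed for illustration, and treating a {CLEAR} or {CLEARTEXT} prefix as plaintext is an assumption of this example.

```python
import base64
import re

# A hashed value carries a scheme prefix such as {SSHA} or {PBKDF2_SHA256}.
SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9_-]+)\}")
CLEAR_SCHEMES = {"CLEAR", "CLEARTEXT"}  # assumption: prefixes that still mean plaintext

# Constructed sample export; DNs and values are made up for this example.
SAMPLE_LDIF = """\
# constructed export, not data from the thread
dn: uid=hashed-user,ou=people,dc=example,dc=com
userPassword:: e1NTSEF9Y29uc3RydWN0ZWRoYXNo

dn: uid=clear-user,ou=testing,dc=example,dc=com
userPassword:: Y29uc3Ry
 dWN0cHdk

dn: uid=tagged-clear,ou=testing,dc=example,dc=com
userPassword: {CLEAR}constructpwd
"""


def audit_password_storage(ldif_text):
    """Return (dn, scheme) per userPassword value; scheme is None if absent."""
    findings, dn = [], None
    # Undo LDIF line folding: a newline followed by one space continues the line.
    for line in re.sub(r"\r?\n ", "", ldif_text).splitlines():
        name, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        # "attr:: value" is base64; "attr: value" is literal text.
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:])
        else:
            value = rest.strip().encode()
        if name.lower() == "dn":
            dn = value.decode("utf-8", "replace")
        elif name.lower() == "userpassword":
            m = SCHEME_RE.match(value)
            findings.append((dn, m.group(1).decode().upper() if m else None))
    return findings


def unhashed_entries(ldif_text):
    """DNs whose password value has no scheme prefix or a cleartext one."""
    return [dn for dn, scheme in audit_password_storage(ldif_text)
            if scheme is None or scheme in CLEAR_SCHEMES]
```

Run it over an export taken with a bind identity that is allowed to read userPassword, and compare the flagged DNs against the subtrees that have a local policy.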
