Hi, Anyone? I really need some help on this.
Thanks

On Fri, Nov 4, 2016 at 1:01 PM, Alberto Viana <[email protected]> wrote:

> Hi,
>
> Just to explain better what I need:
>
> Enforce a global password policy with password expiration but disable for
> some specific OUs (just disable the password expiration).
>
> On Fri, Nov 4, 2016 at 12:54 PM, Alberto Viana <[email protected]>
> wrote:
>
>> Hi,
>>
>> 389-ds: 1.3.4.11
>>
>> What I need:
>>
>> Enforce a global password policy but disable for some specific OUs.
>>
>> Doc: https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html-single/Administration_Guide/index.html#User_Account_Management-Managing_the_Password_Policy
>>
>> Everything was working fine, but I realized that the specific OU for
>> which I created a local policy started to store user passwords as
>> plaintext:
>>
>> I created the local policy using the script ns-newpwpolicy.pl as below:
>>
>> /opt/dirsrv/sbin/ns-newpwpolicy.pl -v -D "cn=Directory Manager" -w my_manager_pass -S OU=testing,dc=homolog,dc=rnp
>>
>> Here's my config:
>>
>> nsslapd-pwpolicy-local: on (under cn=config)
>>
>> Double checked using 389 console that under this OU, "Fine-grained
>> subtree policy enabled" is set on.
>>
>> ldapsearch -b 'cn="cn=nsPwTemplateEntry,OU=testing,dc=homolog,dc=rnp",cn=nsPwPolicyContainer,OU=testing,dc=homolog,dc=rnp' -D "cn=Directory Manager" -x -W '(objectclass=ldapsubentry)'
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn="cn=nsPwTemplateEntry,OU=testing,dc=homolog,dc=rnp",cn=nsPwPolicyContainer,OU=testing,dc=homolog,dc=rnp> with scope subtree
>> # filter: (objectclass=ldapsubentry)
>> # requesting: ALL
>> #
>>
>> # cn\3DnsPwTemplateEntry\2COU\3Dtesting\2Cdc\3Dhomolog\2Cdc\3Drnp, nsPwPolicyContainer, testing, homolog.rnp
>> dn: cn=cn\3DnsPwTemplateEntry\2COU\3Dtesting\2Cdc\3Dhomolog\2Cdc\3Drnp,cn=nsPwPolicyContainer,OU=testing,dc=homolog,dc=rnp
>> passwordStorageScheme: SSHA
>> passwordChange: off
>> passwordMaxAge: 8640000
>> passwordExp: off
>> objectClass: top
>> objectClass: extensibleObject
>> objectClass: costemplate
>> objectClass: ldapsubentry
>> cosPriority: 1
>> cn: cn=nsPwTemplateEntry,OU=testing,dc=homolog,dc=rnp
>>
>> A user entry on this OU:
>>
>> dn: uid=app-test,OU=testing,dc=homolog,dc=rnp
>> userPassword:: MXEydzNlNHI=
>> ntUserLastLogon: 131219776403276312
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalperson
>> objectClass: inetOrgPerson
>>
>> Am I missing something?
>>
>> Thanks
>>
>> Alberto Viana
_______________________________________________
389-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
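An added example, not part of the original thread: a Python check that scans an LDIF export of the kind quoted above and reports entries whose userPassword value carries no {SCHEME} tag (or the {CLEAR} tag), without ever printing the value. The function names, sample DNs and sample values are constructed for illustration.

```python
import base64
import re

# A hashed userPassword value starts with a scheme tag such as {SSHA}.
SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9_-]+)\}")

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample export (not data from the thread). The second dn is
# folded the way ldapsearch folds long lines.
SAMPLE_LDIF = (
    "dn: uid=hashed-user,ou=example,dc=example,dc=com\n"
    "userPassword:: " + _b64("{SSHA}constructed-not-a-real-hash") + "\n"
    "\n"
    "dn: uid=clear-user,ou=example,dc=exam\n"
    " ple,dc=com\n"
    "userPassword:: " + _b64("constructed-sample") + "\n"
    "objectClass: person\n"
)

def password_schemes(ldif):
    """Return [(dn, scheme or None)] for every userPassword value."""
    results, dn = [], None
    unfolded = re.sub(r"\r?\n ", "", ldif)  # undo LDIF line folding
    for line in unfolded.splitlines():
        if not line.strip():
            dn = None  # a blank line ends the entry
            continue
        if line.startswith("#"):
            continue
        attr, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):  # "attr:: value" means base64-encoded
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip().encode()
        if attr.lower() == "dn":
            dn = value.decode("utf-8", "replace")
        elif attr.lower() == "userpassword":
            match = SCHEME_RE.match(value)
            results.append((dn, match.group(1).decode().upper() if match else None))
    return results

def cleartext_entries(ldif):
    """DNs whose password has no scheme tag or uses the CLEAR scheme."""
    return [dn for dn, scheme in password_schemes(ldif) if scheme in (None, "CLEAR")]
```

Run it against an export taken with Directory Manager credentials, since userPassword is normally hidden from other binds.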
