Hi Mark, I already have this configuration but stopped to working after I enabled my password policy. Another thing is the error changed, its not the same when was missing prehashed config and my password was set to off.
On Wed, Sep 26, 2018, 16:47 Mark Reynolds <[email protected]> wrote: > Hi Alberto, > > Only Directory Manager or a Password Admin can add pre-hashed passwords. > It has nothing to do with password policy settings. For more on password > admins see: > > > https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/password_administrators > > HTH, > > Mark > > On 09/26/2018 02:31 PM, Alberto Viana wrote: > > I have a password applied globally like this: > > dn: > cn=cn\3DnsPwPolicyEntry\2CDC\3Dmy\2CDC\3Ddomain,cn=nsPwPolicyContainer,dc= > my,dc=domain > passwordLockout: off > passwordGraceLimit: 50 > passwordWarning: 86400 > passwordInHistory: 3 > passwordMinLength: 8 > passwordMinCategories: 3 > passwordStorageScheme: SSHA512 > passwordChange: on > passwordMaxAge: 31536000 > passwordCheckSyntax: on > passwordExp: on > objectClass: top > objectClass: ldapsubentry > objectClass: passwordpolicy > cn: cn=nsPwPolicyEntry,DC=my,DC=domain > > In a sub OU, I have this policy: > > # > cn\3DnsPwPolicyEntry\2Cou\3DPOPS\2COU\3DEXTERNOS\2Cou\3Dmy\2Cdc\3Dmy\2Cdc\3 > Ddomain, nsPwPolicyContainer, POPS, EXTERNOS, my, my.domain > dn: > cn=cn\3DnsPwPolicyEntry\2Cou\3DPOPS\2COU\3DEXTERNOS\2Cou\3Dmy\2Cdc\3Dmy\ > > > 2Cdc\3Ddomain,cn=nsPwPolicyContainer,ou=POPS,OU=EXTERNOS,ou=my,dc=my,dc=domain > passwordLockout: off > passwordGraceLimit: 50 > passwordStorageScheme: SSHA > passwordChange: on > passwordMaxAge: 31536000 > passwordCheckSyntax: off > passwordExp: off > objectClass: top > objectClass: ldapsubentry > objectClass: passwordpolicy > cn: cn=nsPwPolicyEntry,ou=POPS,OU=EXTERNOS,dc=my,dc=domain > > But when I try to add a prehashed password on this sub OU, I see this kind > of error: > LDAP: error code 19 - invalid password syntax - passwords with storage > scheme are not allowed > > Is this an expected behavior even if in sub OU I have an password policy > with passwordCheckSyntax set to off? If so, do I have any way to disable > this behavior? (but I can not disable my global password policy) > > PS: The password policy is respecting the fact of passwordCheckSyntax is > set to off when I try to add a simple password like '1234'. > > > > _______________________________________________ > 389-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/[email protected] > > >
_______________________________________________ 389-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
