> On Jun 14, 2017, at 12:07 PM, Shawn McKinney <[email protected]> wrote: > > That was a work-around, and not recommended as solution as there will prolly > be some (other) problems in the apis you will encounter, when you call other > methods, and they attempt some auditing operations. > > So, if you can use latest source, pull, and change the server type back to > apacheds. > > If you can’t, add this flag to fortress.properties, which will disable going > down code pathways specific to slapd auditing, which isn’t support on > apacheds: > > disable.audit=true > > Later, when you upgrade to next release, you can remove the audit flag and > simply use this: >> ldap.server.type=apacheds >
a bit more on this topic... Here’s the ticket where the apacheds pw policy work is being tracked: https://issues.apache.org/jira/browse/FC-211 Most of the code changes were in the administrative functions, i.e. editing (new) password policy objects. ADS prepends ‘ads’ to all of the attribute names in the policy object class. The policy attributes attached to user, i.e. pwdreset, pwdlocked, pwdhistory, are the same in either server impl. I did have to do some work to make sure that when you set a password policy on a user account, i.e. using pwdpolicysubentry, it points to the correct location, as ADS requires these policy objects to be located in a specific ou in the DIT, as mentioned earlier. There was also work just done, to manually removing the pwdreset flag on changepassword api. For these reasons, you’re going to want to use latest code. The good news, expect a new release sometime in July, that has all of this new code working. :-) thanks, Shawn
