On 10/31/18 10:37 AM, Alberto Viana wrote:
Hi Mark,

In the access log the behavior is exactly as you said (small description):
"invalid password syntax"

Yeah a bit vague :-(

I opened this RFE ticket:

https://pagure.io/389-ds-base/issue/50002   -->  Feel free to add any comments, requests, or suggestions

I'm not sure what version this will land in, but what version of 389-ds-base are you using?

Thanks,

Mark


I know that's related to password policy, but it's really bad not knowing which item exactly. In some cases the users could provide me the password and I can analyse it, but in some cases not, so I think there should be something in 389 to show that to us (admins).

Thanks anyway for your help.


On Wed, Oct 31, 2018 at 11:27 AM Mark Reynolds <mreynolds@redhat.com> wrote:

Hi Alberto,

Did you check the access log? There "should" be a small text message that said what syntax was violated on the RESULT line in the access log. Just grep for err=19 in the access logs. Let me know if you find it. But that's all there would be for troubleshooting this. Checking the current passwd policy code we don't have any useful logging in there - we only send small descriptions of the error back to the client.

So this inspires me to add a new error log level for tracking password policy behavior.  I will open a new ticket for that RFE shortly...

Thanks,

Mark

On 10/31/18 10:12 AM, Alberto Viana wrote:
Hi Guys,

Is there any way to log or track the constraint violation reason?

Since we have 2 environments, I need to track when a user could change the password on the Windows side but this password could not be replicated to 389 due to password policy.

I can see this on passsync log:

10/30/18 18:43:38: Searching for (ntuserdomainid=my.user)
10/30/18 18:43:38: Ldap error in ModifyPassword
19: Constraint violation
10/30/18 18:43:38: Modify password failed for remote entry: uid=my.user,ou=users,dc=my,dc=domain

But I need to know which item of the password policy has been violated.


Thanks

_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
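
The "grep for err=19" step suggested in the thread can be extended to pair each failing RESULT line with the request on the same conn/op, so the affected DN and the server's short description appear together. This is an added example, not code from the thread or from 389-ds-base; the log lines are constructed, and the placement of the description text after the key=value fields on the RESULT line is an assumption.

```python
import re

# Constructed sample lines (not from the thread). The free text after the
# key=value fields on the RESULT line is an assumed layout.
SAMPLE_LOG = """\
[30/Oct/2018:18:43:38.101 -0300] conn=41 op=1 SRCH base="dc=my,dc=domain" scope=2 filter="(ntuserdomainid=my.user)" attrs=ALL
[30/Oct/2018:18:43:38.105 -0300] conn=41 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[30/Oct/2018:18:43:38.110 -0300] conn=41 op=2 MOD dn="uid=my.user,ou=users,dc=my,dc=domain"
[30/Oct/2018:18:43:38.118 -0300] conn=41 op=2 RESULT err=19 tag=103 nentries=0 etime=0 - invalid password syntax
[30/Oct/2018:18:44:02.007 -0300] conn=42 op=1 MOD dn="uid=other.user,ou=users,dc=my,dc=domain"
[30/Oct/2018:18:44:02.011 -0300] conn=42 op=1 RESULT err=0 tag=103 nentries=0 etime=0
"""

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>\d+) '
                  r'(?P<verb>[A-Z]+)\s*(?P<rest>.*)$')
DN = re.compile(r'\bdn="([^"]*)"')
FIELD = re.compile(r'^\w+=\S+$')


def constraint_violations(lines):
    """Pair each err=19 RESULT with the request that shares its conn/op."""
    pending = {}  # (conn, op) -> (request verb, dn) still awaiting a RESULT
    found = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # connection open/close lines and anything unparsable
        key = (m['conn'], m['op'])
        if m['verb'] != 'RESULT':
            dn = DN.search(m['rest'])
            pending[key] = (m['verb'], dn.group(1) if dn else None)
            continue
        verb, dn = pending.pop(key, (None, None))
        tokens = m['rest'].split()
        if 'err=19' not in tokens:
            continue
        # Skip the leading key=value fields; what remains is the description.
        i = 0
        while i < len(tokens) and FIELD.match(tokens[i]):
            i += 1
        reason = ' '.join(tokens[i:]).lstrip('- ') or '(no description logged)'
        found.append({'time': m['ts'], 'conn': m['conn'], 'op': m['op'],
                      'request': verb, 'dn': dn, 'reason': reason})
    return found


if __name__ == '__main__':
    for hit in constraint_violations(SAMPLE_LOG.splitlines()):
        print(hit)
```

The timestamps of the hits can then be matched against the PassSync log entries for the same user.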