On 10/31/18 10:37 AM, Alberto Viana wrote:
Hi Mark,
In access log the behavior is exactly how you said (small description):
"invalid password syntax"
Yeah a bit vague :-(
I opened this RFE ticket:
https://pagure.io/389-ds-base/issue/50002 --> Feel free to add any
comments, requests, or suggestions
I'm not sure what version this will land in, but what version of
389-ds-base are you using?
Thanks,
Mark
I know that's related to password policy, but it's really bad not
known which item exactly. In some cases the users could provide me the
password and I can analyse, but in some cases not, so I think that
should exist something in 389 to show to us(admin) that.
Thanks anyway for your help.
On Wed, Oct 31, 2018 at 11:27 AM Mark Reynolds <mreynolds(a)redhat.com
<mailto:mreynolds@redhat.com>> wrote:
Hi Alberto,
Did you check the access log? There "should" be a small text
message that said what syntax was violated on the RESULT line in
the access log. Just grep for err=19 in the access logs. Let me
know if you find it. But that's all there would be for
troubleshooting this. Checking the current passwd policy code we
don't have any useful logging in there - we only send small
descriptions of the error back to the client.
So this inspires me to add a new error log level for tracking
password policy behavior. I will open a new ticket for that RFE
shortly...
Thanks,
Mark
On 10/31/18 10:12 AM, Alberto Viana wrote:
> Hi Guys,
>
> There's any way to log or track constraint violation reason?
>
> Once We have 2 environments I need to track when an user could
> change password on windows side but this password could not be
> replicated to 389 due to password policy .
>
> I can see this on passsync log:
>
> 10/30/18 18:43:38: Searching for (ntuserdomainid=my.user)
> 10/30/18 18:43:38: Ldap error in ModifyPassword
> 19: Constraint violation
> 10/30/18 18:43:38: Modify password failed for remote entry:
> uid=my.user,ou=users,dc=my,dc=domain
>
> But I need to know which item on password policy has been violated
>
>
> Thanks
>
> _______________________________________________
> 389-users mailing list --389-users(a)lists.fedoraproject.org
<mailto:389-users@lists.fedoraproject.org>
> To unsubscribe send an email to389-users-leave(a)lists.fedoraproject.org
<mailto:389-users-leave@lists.fedoraproject.org>
> Fedora Code of
Conduct:https://getfedora.org/code-of-conduct.html
> List
Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines
> List
Archives:https://lists.fedoraproject.org/archives/list/389-users@lists.fe...