Hi, and thanks again.
I took a look at the 389DS console, in Configuration -> Data ->
Passwords, and there is no special configuration:
Enable fine-grained password policy is : Disabled
in User password change :
User may change password is : Enabled
Allow changes in = 0 days
keep password history is : Disabled
Password never expire : Enabled
Password syntax : Disabled
Password Encryption is SSHA.
Another thing : I tried to use ldappasswd command (from the mail server)
with the user credentials, and it worked even with simple passwords:
ldappasswd -H
-x -D
"uid=nagios,ou=people,dc=example,dc=com" -w nagios2016 -a nagios2016 -s
azertyu7 -v -Z
ldap_initialize( ldap://idm01.example.com:389/??base )
Result: Success (0)
Regards.
2016-04-12 12:39 GMT+01:00 Ludwig Krispenz <lkrispen(a)redhat.com>:
Hi,
I was not talking about access control, but about password policy -
quality of passwords, reuse, expiration, when it can be changed ...
Please read:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10...
On 04/12/2016 12:35 PM, wodel youchi wrote:
Hi, and thanks
But as I understand, there is an AC created for
ou=people,dc=example,dc=com called "Allow self entry modification" and
the userPassword attribute is selected for write.
Is there another AC that supersedes this one?
Regards.
2016-04-12 11:19 GMT+01:00 Ludwig Krispenz <lkrispen(a)redhat.com>:
>
> On 04/12/2016 11:50 AM, wodel youchi wrote:
>
> Hi,
>
> I am trying to make horde's module passwd let users change their
> passwords.
>
> In the configuration file of the module there are two options for ldap :
>
> - ldap : this option uses the users credentials to modify the password
> (the user change his password with his credentials).
>
> - ldapadmin : this option uses the admin, such as the Directory Manager
> to modify the user's password.
>
> the first one, didn't work for me, I get in the horde log : could not
> replace userPassword attribute, LDAP server : constraint violation.
>
> the second one worked.
>
> In the error log of 389DS, I didn't find any useful error message.
>
> PS : tls is enabled.
>
>
> any idea?
>
> changing the pw as user, you probably violate the password policy
>
>
>
> Regards.
>
>
> --
> 389 users mailing list
>
> 389-users@%(host_name)s
> http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
>
>
> --
> Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
> Commercial register: Amtsgericht Muenchen, HRB 153243,
> Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill
>
>