On 04/02/2012 11:16 PM, MATON Brett wrote:
Hi,
The password sync service between AD and Directory server appears to
“can” passwords with extended characters.
I’m working for a client in Belgium at the moment and they’re quite
accent happy with passwords.
Now, Active Directory happily accepts these passwords but I don’t
even get a sniff of the password change attempt in the audit log from
in 389-DS.
Is this a bug or by design ?
http://port389.org/wiki/Howto:WindowsSync#PassSync_Logging
Thanks Rich ( I don’t normally get access to windows logs J).
04/02/12 14:42:22: Modify password failed for remote entry:
uid=<user>,ou=People,<blah>
04/02/12 14:42:22: Deferring password change for <user>
04/02/12 14:42:24: Ldap error in ModifyPassword
19: Constraint violation
No problem, bit of digging around tells me that there is a 7 bit
character constraint on passwords (7-bit check plugin).
What I don’t understand is why there is nothing on the Linux side, surely:
//04/02/12 14:42:24: Ldap error in ModifyPassword
Means that the password change has been attempted and rejected by the
server, so why am I not seeing anything in the logs on the server?
Do you see any connections at all from the AD box in your directory
server access log? /var/log/dirsrv/slapd-INSTANCE/access
Regards,
Brett
-------------------------------------------------------------------
*GreeNRB
*/NRB considers its environmental responsibility and goes for green IT./
/May we ask you to consider yours before printing this e-mail? /**
*NRB, daring to commit
*/This e-mail and any attachments, which may contain information that
is confidential and/or protected by intellectual property rights, are
intended for the exclusive use of the above-mentioned addressee(s).
Any use (including reproduction, disclosure and whole or partial
distribution in any form whatsoever) of their content is prohibited
without prior authorization of NRB. If you have received this message
by error, please contact the sender promptly by resending this e-mail
back to him (her), or by calling the above number. Thank you for
subsequently deleting this e-mail and any files attached thereto./