Hi,
I am using 389-ds-base-1.3.7.5-28.el7_5.x86_64 on CentOS 7. All is up to date.
I configured a password policy, and I checked "User may change password", but when I try
[root@idm01 ~]# ldappasswd -p 389 -h idm01.example.com -ZZ -x -D "uid=jane.doe,ou=people,dc=example,dc=com" -W -a oldpass -s newpass
I get:
Result: Server is unwilling to perform (53)
Additional info: User is not allowed to change password
Any idea?
Regards.
Hi,
Does your user have rights to write the userPassword attribute? What do you have in the server log /var/log/dirsrv/dirsrv@<instance>/errors file?
rgds
Hi, Thanks for the help.
1- Yes, users can change their passwords.
2- In the log I don't have much; I didn't change the verbosity of the server.
But I did something else and I don't really understand it.
My first configuration of Password Policy was Global and by the way I have a master slave installation.
Reading the Directory Server Documentation, I found that I can create a specific Password Policy, so I took the ou=people,dc=example,dc=com and I created a new Password Policy and this time the policy worked, users may change their passwords.
But I had another "issue", I don't know if I can call it that. The documentation says that the Password Policy gets bypassed when using the Admin account or the Directory Manager to change a user password, but I got two behaviors:
- If I change the user password from the command line with ldappasswd, the policy gets enforced even when using Directory Manager to make the change.
- If I change the user password using 389DS Console, the policy gets bypassed when using Directory Manager to make the change.
So in conclusion I have:
- The global password policy is not working.
- The local policy is working, but with different behaviors.
For now I am using the local Password Policy because it's doing the job...
Regards.
On Thu, 22 Nov 2018 at 21:35, Olivier JUDITH gnulux@gmail.com wrote:
Hi,
Does your user have rights to write the userPassword attribute? What do you have in the server log /var/log/dirsrv/dirsrv@<instance>/errors file?
rgds