Hi, and thanks again. I took a look on the 389DS's console, in configuration -> Data -> Passwords, and there is no special configuration
Enable fine-grained password policy is : Disabled in User password change : User may change password is : Enbaled Allow changes in = 0 days keep password history is : Disabled Password never expire : Enabled Password syntax : Disabled Password Encryption is SSHA. Another thing : I tried to use ldappasswd command (from the mail server) with the user credentials, and it worked even with simple passwords: ldappasswd -H ldap://idm01.example.com -x -D "uid=nagios,ou=people,dc=example,dc=com" -w nagios2016 -a nagios2016 -s azertyu7 -v -Z ldap_initialize( ldap://idm01.example.com:389/??base ) Result: Success (0) Regards. 2016-04-12 12:39 GMT+01:00 Ludwig Krispenz <[email protected]>: > Hi, > I was not talking about access control, but about password policy - > quality of passwords, reuse, expiration, when it can be changed ... > Please read: > > https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/User_Account_Management.html#User_Account_Management-Managing_the_Password_Policy > > > > On 04/12/2016 12:35 PM, wodel youchi wrote: > > Hi, and thanks > > But as I understand, there is and AC created for > ou=people,dc=example,dc=com called "Allow self entry modification" and > userPassword attribute is selected for write. > is there another AC that supersedes this one? > > Regards. > > 2016-04-12 11:19 GMT+01:00 Ludwig Krispenz <[email protected]>: > >> >> On 04/12/2016 11:50 AM, wodel youchi wrote: >> >> Hi, >> >> I am trying to make horde's module passwd let users change their >> passwords. >> >> In the configuration file of the moduke there are two options for ldap : >> >> - ldap : this option uses the users credentials to modify the password >> (the user change his password with his credentials). >> >> - ldapadmin : this option uses the admin, such as the Directory Manager >> to modify the user's password. >> >> the first one, didn't work for me, I get in the horde log : could not >> replace userPassword attribute, LDAP server : constraint violation. >> >> the second one worked. >> >> In the error log of 389DS, I didn't find any useful error message. >> >> PS : tls is enabled. >> >> >> any idea? >> >> changing th pw as user, you probably violate the password policy >> >> >> >> Regards. >> >> >> -- >> 389 users mailing list >> 389-users@%(host_name)shttp://lists.fedoraproject.org/admin/lists/[email protected] >> >> >> -- >> Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn, >> Commercial register: Amtsgericht Muenchen, HRB 153243, >> Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, >> Michael O'Neill >> >> >> -- >> 389 users mailing list >> 389-users@%(host_name)s >> >> http://lists.fedoraproject.org/admin/lists/[email protected] >> > > > > -- > 389 users mailing list > 389-users@%(host_name)shttp://lists.fedoraproject.org/admin/lists/[email protected] > > > -- > Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn, > Commercial register: Amtsgericht Muenchen, HRB 153243, > Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael > O'Neill > > > -- > 389 users mailing list > 389-users@%(host_name)s > > http://lists.fedoraproject.org/admin/lists/[email protected] >
-- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/[email protected]
