Hello,

What type of configuration info do you need? I will send some copies. Regarding the ppolicy module, I do see scripts for it & we do have password policy in place. Below is a copy of ppolicyruleReplace.ldif:

$ cat ppolicyruleReplace.ldif
#
dn: cn=passwordDefault,ou=Policies,dc=att,dc=com
changetype: modify
replace: pwdMaxAge
pwdMaxAge: 7776000
-
replace: pwdMaxFailure
pwdMaxFailure: 8
-
replace: pwdFailureCountInterval
pwdFailureCountInterval: 21600
-
replace: pwdLockoutDuration
pwdLockoutDuration: 1800
-
replace: pwdExpireWarning
pwdExpireWarning: 7776000
-
replace: pwdGraceAuthNLimit
pwdGraceAuthNLimit: 0
-
replace: pwdMustChange
pwdMustChange: TRUE

Here is a copy of my ldap.conf:

----- root pdprfsl4.sldc.sbc.com /etc/openldap -----
$ cat ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

TLS_CACERTDIR /etc/openldap/cacerts

# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON on
URI ldap://pdprfsl4.sldc.sbc.com/
BASE dc=att,dc=com
tls_checkpeer no
----- root pdprfsl4.sldc.sbc.com /etc/openldap -----

Thanks,
Ed

-----Original Message-----
From: Quanah Gibson-Mount <[email protected]>
Sent: Thursday, September 17, 2020 5:58 PM
To: CLARKE, ED C <[email protected]>; [email protected]
Subject: Re: Issues with resetting user password

--On Thursday, September 17, 2020 11:41 PM +0000 "CLARKE, ED C" <[email protected]> wrote:

> Hello,
>
> I am new to this arena, I have a Open LDAP installed on my Linux
> server RHEL 7.8.
>
> I am not able to reset user passwords, I have checked the systemctl
> status slapd.service And it is active & running.
>
> Below is an example of the resetpw.ldif:

Are you using the ppolicy module? You've provided no information about your configuration. The correct way to change a user password is to use an LDAPv3 password modify operation, not an ldapmodify change. See the ldappasswd(1) command.

Regards,
Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
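
Added example, not part of the thread and not OpenLDAP code: the LDAPv3 Password Modify extended operation (RFC 3062) that ldappasswd(1) issues, BER-encoded and decoded by hand in Python to show how it differs from an ldapmodify replace of an attribute. The function names are hypothetical, and any DN or password passed in is a constructed sample value.

```python
# Added example: RFC 3062 Password Modify request, BER-encoded by hand.
# Function names are illustrative; inputs are constructed sample values.
PASSMOD_OID = b"1.3.6.1.4.1.4203.1.11.1"  # passwdModifyOID from RFC 3062
FIELDS = {0x80: "userIdentity", 0x81: "oldPasswd", 0x82: "newPasswd"}

def tlv(tag, value):
    """One BER tag-length-value with a definite length."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + value

def passmod_request(msg_id, **fields):
    """LDAPMessage carrying the exop; all three value fields are OPTIONAL."""
    inner = b"".join(tlv(tag, fields[name].encode("utf-8"))
                     for tag, name in FIELDS.items() if name in fields)
    value = tlv(0x30, inner)  # PasswdModifyRequestValue SEQUENCE
    # ExtendedRequest is [APPLICATION 23]: requestName [0], requestValue [1]
    ext = tlv(0x77, tlv(0x80, PASSMOD_OID) + tlv(0x81, value))
    mid = msg_id.to_bytes(msg_id.bit_length() // 8 + 1, "big")
    return tlv(0x30, tlv(0x02, mid) + ext)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV that starts at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        first, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + first], pos + first

def passmod_fields(message):
    """Decode a request built above back into named fields."""
    _, msg, _ = read_tlv(message)
    _, _, pos = read_tlv(msg)  # skip messageID
    tag, ext, _ = read_tlv(msg, pos)
    if tag != 0x77:
        raise ValueError("not an ExtendedRequest")
    _, oid, pos = read_tlv(ext)
    _, value, _ = read_tlv(ext, pos)
    _, seq, _ = read_tlv(value)
    out, pos = {"requestName": oid.decode("ascii")}, 0
    while pos < len(seq):
        tag, val, pos = read_tlv(seq, pos)
        out[FIELDS[tag]] = val.decode("utf-8")  # newPasswd is plain octets
    return out
```

Because newPasswd is carried as plain octets inside the request, the operation belongs on a connection protected by StartTLS or ldaps.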
