[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy asking for password change

To: sandeep@netcontinuum.com
Subject: Re: ppolicy asking for password change
From: Roy Ledochowski <rledo@us.ibm.com>
Date: Tue, 27 Jun 2006 09:41:18 -0700
Cc: openldap-software@OpenLDAP.org, owner-openldap-software@OpenLDAP.org, sandeep@netcontinuum.com
In-reply-to: <44A13403.4090008@netcontinuum.com>

Sandeep-

I had a similar problem when I first enabled password policy and I traced 
it down to the fact that existing accounts did not have one of the 
operational attributes and so openldap considered the account's password 
to be expired.  I can try to figure out which attribute it was if you 
would like.

My workaround was to create a password policy which had no password aging 
and to set all accounts to use that policy. 

Hope that helps a bit,
roy

"Sandeep A.S" <sandeep@netcontinuum.com> 
Sent by: owner-openldap-software@OpenLDAP.org
06/27/2006 06:34 AM
Please respond to
sandeep@netcontinuum.com

To
sandeep@netcontinuum.com
cc
openldap-software@OpenLDAP.org
Subject
Re: ppolicy  asking for  password change

I am able to rectify this issue by creating the accout again.
This problem happens only to the accouts which exists before adding the 
ppolicy directive.
 And it is not happening to  the account  which I created later.
 As a workaroud I deleted all the accounts and created it again.
I got this point after searching the archives.
  Thanks  a lot
  Sandeep 

Sandeep A.S wrote:

> Hi
>
> I am using openldap version 2-3-24.
> I made the ppolicy overlay enabled
>
> Whenever user logs in it ask to change the password .
>
> After changing the password aslo next time login ,it aks to change the 
> password
> with the error password aged.
> The following  is my standerd policy:
> dn: cn=Standard Policy,ou=Policies,dc=nc,dc=com
> objectClass: top
> objectClass: device
> objectClass: pwdPolicy
> cn: Standard Policy
> pwdAttribute: userPassword
> pwdMaxFailure: 3
> pwdInHistory: 3
> pwdMinLength: 6
> pwdExpireWarning: 259200
> pwdAllowUserChange: TRUE
> pwdFailureCountInterval: 300
> pwdGraceAuthNLimit: 1
> pwdLockoutDuration: 300
> pwdMustChange: FALSE
> pwdCheckQuality: 1
> pwdMaxAge: 10368000
>
> my  slapd.conf  is below:
>
> <sniped>
> database  bdb
> overlay         ppolicy
> ppolicy_default "cn=Standard Policy,ou=Policies,dc=nc,dc=com"
> ppolicy_use_lockout
>
> Any pointer to troubleshoot this issue ?
> -Thanks
> Sandeep

References:
- Re: ppolicy asking for password change
  - From: "Sandeep A.S" <sandeep@netcontinuum.com>

Prev by Date: Re: my ldap hangup every time I used slapcat
Next by Date: Trying to figure out access policies
Index(es):
- Chronological
- Thread