[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ppolicy asking for password change
Sandeep-
I had a similar problem when I first enabled password policy and I traced
it down to the fact that existing accounts did not have one of the
operational attributes and so openldap considered the account's password
to be expired. I can try to figure out which attribute it was if you
would like.
My workaround was to create a password policy which had no password aging
and to set all accounts to use that policy.
Hope that helps a bit,
roy
"Sandeep A.S" <sandeep@netcontinuum.com>
Sent by: owner-openldap-software@OpenLDAP.org
06/27/2006 06:34 AM
Please respond to
sandeep@netcontinuum.com
To
sandeep@netcontinuum.com
cc
openldap-software@OpenLDAP.org
Subject
Re: ppolicy asking for password change
I am able to rectify this issue by creating the accout again.
This problem happens only to the accouts which exists before adding the
ppolicy directive.
And it is not happening to the account which I created later.
As a workaroud I deleted all the accounts and created it again.
I got this point after searching the archives.
Thanks a lot
Sandeep
Sandeep A.S wrote:
> Hi
>
> I am using openldap version 2-3-24.
> I made the ppolicy overlay enabled
>
> Whenever user logs in it ask to change the password .
>
> After changing the password aslo next time login ,it aks to change the
> password
> with the error password aged.
> The following is my standerd policy:
> dn: cn=Standard Policy,ou=Policies,dc=nc,dc=com
> objectClass: top
> objectClass: device
> objectClass: pwdPolicy
> cn: Standard Policy
> pwdAttribute: userPassword
> pwdMaxFailure: 3
> pwdInHistory: 3
> pwdMinLength: 6
> pwdExpireWarning: 259200
> pwdAllowUserChange: TRUE
> pwdFailureCountInterval: 300
> pwdGraceAuthNLimit: 1
> pwdLockoutDuration: 300
> pwdMustChange: FALSE
> pwdCheckQuality: 1
> pwdMaxAge: 10368000
>
> my slapd.conf is below:
>
> <sniped>
> database bdb
> overlay ppolicy
> ppolicy_default "cn=Standard Policy,ou=Policies,dc=nc,dc=com"
> ppolicy_use_lockout
>
> Any pointer to troubleshoot this issue ?
> -Thanks
> Sandeep