
Re: ppolicy asking for password change


I had a similar problem when I first enabled password policy and I traced
it down to the fact that existing accounts did not have one of the
operational attributes and so OpenLDAP considered the account's password
to be expired.  I can try to figure out which attribute it was if you
would like.

My workaround was to create a password policy which had no password aging 
and to set all accounts to use that policy. 

Hope that helps a bit,

"Sandeep A.S" <sandeep@netcontinuum.com> 
Sent by: owner-openldap-software@OpenLDAP.org
06/27/2006 06:34 AM

Re: ppolicy asking for password change

I am able to rectify this issue by creating the account again.
This problem happens only to the accounts which existed before adding the
ppolicy directive.
And it is not happening to the account which I created later.
As a workaround I deleted all the accounts and created them again.
I got this point after searching the archives.
Thanks a lot

Sandeep A.S wrote:

> Hi
> I am using openldap version 2-3-24.
> I have enabled the ppolicy overlay.
> Whenever a user logs in, it asks to change the password.
> Even after changing the password, at the next login it asks to change the
> password
> with the error password aged.
> The following is my standard policy:
> dn: cn=Standard Policy,ou=Policies,dc=nc,dc=com
> objectClass: top
> objectClass: device
> objectClass: pwdPolicy
> cn: Standard Policy
> pwdAttribute: userPassword
> pwdMaxFailure: 3
> pwdInHistory: 3
> pwdMinLength: 6
> pwdExpireWarning: 259200
> pwdAllowUserChange: TRUE
> pwdFailureCountInterval: 300
> pwdGraceAuthNLimit: 1
> pwdLockoutDuration: 300
> pwdMustChange: FALSE
> pwdCheckQuality: 1
> pwdMaxAge: 10368000
> My slapd.conf is below:
> <snipped>
> database  bdb
> overlay         ppolicy
> ppolicy_default "cn=Standard Policy,ou=Policies,dc=nc,dc=com"
> ppolicy_use_lockout
> Any pointers to troubleshoot this issue?
> -Thanks
> Sandeep
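
The workaround from the reply at the top of this message (a policy with no password aging, assigned to the existing accounts), sketched as LDIF. This is an added example, not taken from the thread: the policy name "No Aging Policy" and the user DN uid=jdoe,ou=People,dc=nc,dc=com are placeholders, and the remaining values are copied from the Standard Policy quoted above.

```ldif
# Added example, not from the thread.
# Record 1: a policy identical to the quoted Standard Policy except that
# aging is switched off. pwdMaxAge: 0 means the password never expires;
# lockout, history, length and quality settings are kept.
dn: cn=No Aging Policy,ou=Policies,dc=nc,dc=com
changetype: add
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: No Aging Policy
pwdAttribute: userPassword
pwdMaxAge: 0
pwdExpireWarning: 0
pwdMustChange: FALSE
pwdAllowUserChange: TRUE
pwdMaxFailure: 3
pwdFailureCountInterval: 300
pwdLockoutDuration: 300
pwdInHistory: 3
pwdMinLength: 6
pwdCheckQuality: 1

# Record 2: point one pre-existing account at that policy.
# pwdPolicySubentry on the user entry overrides ppolicy_default.
# The DN below is a placeholder; repeat the record for each account.
dn: uid=jdoe,ou=People,dc=nc,dc=com
changetype: modify
replace: pwdPolicySubentry
pwdPolicySubentry: cn=No Aging Policy,ou=Policies,dc=nc,dc=com
```

Accounts created after the overlay was enabled can stay on the policy named by ppolicy_default, so only the older entries need the second record.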