
ppolicy works, then doesn't



I had ppolicy working. Then it stopped. I've cut some stuff for security, but
I've included some debug info off the LDAP server and the ldapsearch + output
for that user. Most notably, pwdHistory and pwdChangedTime no longer update.
pwdMinLength seems to work, as does pwdCheckQuality. Any ideas why it stopped
working or what else I can use to debug? I've recently changed the hash, but
it didn't coincide with the date ppolicy stopped working.

Matt

From Ldap server debug:
acl: internal mod entryCSN: modify access granted
acl: internal mod modifiersName: modify access granted
acl: internal mod modifyTimestamp: modify access granted 
bdb_modify_internal: replace userPassword
bdb_modify_internal: replace entryCSN
bdb_modify_internal: replace modifiersName
bdb_modify_internal: replace modifyTimestampca


oc_check_required entry (uid=testuser,ou=fte,ou=people), objectClass "posixAccount"
oc_check_required entry (uid=testuser,ou=fte,ou=people), objectClass "shadowAccount"
oc_check_required entry (uid=testuser,ou=fte,ou=people), objectClass "inetOrgPerson"
oc_check_allowed type "roomNumber"
oc_check_allowed type "employeeType"
oc_check_allowed type "shadowExpire"
oc_check_allowed type "homePhone"
oc_check_allowed type "givenName"
oc_check_allowed type "mobile"
oc_check_allowed type "objectClass"
oc_check_allowed type "shadowLastChange"
oc_check_allowed type "uid"
oc_check_allowed type "mail"
oc_check_allowed type "uidNumber"
oc_check_allowed type "cn"
oc_check_allowed type "telephoneNumber"
oc_check_allowed type "loginShell"
oc_check_allowed type "host"
oc_check_allowed type "gidNumber"
oc_check_allowed type "gecos"
oc_check_allowed type "homeDirectory"
oc_check_allowed type "sn"
oc_check_allowed type "structuralObjectClass"
oc_check_allowed type "entryUUID"
oc_check_allowed type "creatorsName"
oc_check_allowed type "createTimestamp"
oc_check_allowed type "pwdHistory"
oc_check_allowed type "pwdChangedTime"
oc_check_allowed type "pwdPolicySubentry"
oc_check_allowed type "userPassword"
oc_check_allowed type "entryCSN"
oc_check_allowed type "modifiersName"
oc_check_allowed type "modifyTimestamp"


Ldapsearch:
# testuser, fte, people, 
dn: uid=testuser,ou=fte,ou=people
structuralObjectClass: inetOrgPerson
entryUUID: 2c51bca1-1460-4b26-ae20-3c054c861d30
creatorsName: cn=admin
createTimestamp: 20110523222307Z
pwdHistory: 20110606211017Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}aZlEl1nHU2K
 
pwdHistory: 20110606211045Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}LCJWgHumf2f
 
pwdHistory: 20110606211056Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}toDKXKosvds
 
pwdChangedTime: 20110606211056Z
pwdPolicySubentry: cn=default,ou=policies
entryCSN: 20110617223036.234028Z#000000#000#000000
modifiersName: uid=testuser,ou=fte,ou=people
modifyTimestamp: 20110617223036Z
entryDN: uid=testuser,ou=fte,ou=people
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1
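
The symptom reported above can be checked mechanically. The following is an added example, not part of the original post: it flags a modify that wrote userPassword without pwdChangedTime in the slapd debug output, and measures how far pwdChangedTime trails modifyTimestamp in the ldapsearch result. The function names are hypothetical, the sample data is constructed from the output in the post, and the check assumes that an applied policy shows up as pwdChangedTime among the attributes of the same modify.

```python
import re
from datetime import datetime, timezone

# Constructed samples, reduced from the output in the post (no password hashes).
SLAPD_DEBUG = """\
bdb_modify_internal: replace userPassword
bdb_modify_internal: replace entryCSN
bdb_modify_internal: replace modifiersName
bdb_modify_internal: replace modifyTimestamp
"""
LDIF = """\
dn: uid=testuser,ou=fte,ou=people
pwdChangedTime: 20110606211056Z
pwdPolicySubentry: cn=default,ou=policies
modifiersName: uid=testuser,ou=fte,ou=people
modifyTimestamp: 20110617223036Z
"""

def modified_attrs(debug_text):
    """Attribute names touched by the bdb_modify_internal lines of one modify."""
    pat = re.compile(r"^bdb_modify_internal: (?:replace|add|delete|softadd) (\S+)", re.M)
    return set(pat.findall(debug_text))

def ppolicy_skipped(attrs):
    """True when userPassword was written without a pwdChangedTime update."""
    return "userPassword" in attrs and "pwdChangedTime" not in attrs

def parse_ldif_entry(text):
    """Parse one LDIF entry into {attr: [values]}, unfolding continuation lines."""
    unfolded = re.sub(r"\n ", "", text)
    entry = {}
    for line in unfolded.splitlines():
        if not line or line.startswith("#"):
            continue
        attr, _, value = line.partition(": ")
        entry.setdefault(attr, []).append(value)
    return entry

def ts(value):
    """Convert an LDAP GeneralizedTime such as 20110606211056Z to a datetime."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def password_state_lag(entry):
    """Time between the last write to the entry and the recorded password change.
    Any write moves modifyTimestamp, so a lag is a hint, not proof."""
    return ts(entry["modifyTimestamp"][0]) - ts(entry["pwdChangedTime"][0])

if __name__ == "__main__":
    print("ppolicy skipped:", ppolicy_skipped(modified_attrs(SLAPD_DEBUG)))
    print("lag:", password_state_lag(parse_ldif_entry(LDIF)))
```

Feed `modified_attrs` the debug lines of a single password change at a time; mixing several operations in one input can hide a skipped update.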