[Date Prev][Date Next] [Chronological] [Thread] [Top]

ppolicy and pwdGraceUseTime



Openldap 2.4.39

 

Adding in policy in already running OpenLDAP installation. Mostly functional – I was locked out after failed password attempts as expected.

 

Existing user with password beyond expiration is an issue. It is extended grace logins as expected but when I try to change the password, I get an error which appears to be  “error 16 – modify/delete: pwdGraceUseTime: no such attribute”

 

But there is that attribute.

 

# ldapsearch -x -h localhost '(uid=craig.white)' +

Enter LDAP Password:

# extended LDIF

#

# LDAPv3

# base <dc=obscured> (default) with scope subtree

# filter: (uid=craig.white)

# requesting: +

#

 

# craig.white, People, obscured

dn: uid=craig.white,ou=People,dc=obscured

entryUUID: c4ae47b4-c3e9-1033-8b0f-497efc42df64

creatorsName: cn=root,dc=obscured

createTimestamp: 20140829170048Z

pwdChangedTime: 20150730153646Z

structuralObjectClass: inetOrgPerson

pwdPolicySubentry: cn=personnelpp,ou=Policies,dc=obscured

pwdGraceUseTime: 20150827230337Z

pwdGraceUseTime: 20150827230344Z

pwdGraceUseTime: 20150827230351Z

pwdGraceUseTime: 20150827230430Z

pwdGraceUseTime: 20150827230441Z

pwdGraceUseTime: 20150827230847Z

pwdGraceUseTime: 20150827230855Z

pwdGraceUseTime: 20150827231032Z

pwdGraceUseTime: 20150827231039Z

pwdGraceUseTime: 20150828152032Z

pwdGraceUseTime: 20150828152038Z

pwdGraceUseTime: 20150828152404Z

pwdGraceUseTime: 20150828152410Z

pwdGraceUseTime: 20150828152527Z

pwdGraceUseTime: 20150828152533Z

pwdGraceUseTime: 20150828152643Z

pwdGraceUseTime: 20150828152648Z

pwdGraceUseTime: 20150828153349Z

pwdGraceUseTime: 20150828153354Z

pwdGraceUseTime: 20150828153619Z

pwdGraceUseTime: 20150828153623Z

entryCSN: 20150828154229.701657Z#000000#000#000000

modifiersName: cn=admin,dc=obscured

modifyTimestamp: 20150828154229Z

entryDN: uid=craig.white,ou=People,dc=obscured

subschemaSubentry: cn=Subschema

hasSubordinates: FALSE

 

# search result

search: 2

result: 0 Success

 

# numResponses: 2

# numEntries: 1

 

Why won’t it let me change my password?

 

Craig White

System Administrator

O 623-201-8179   M 602-377-9752

 

cid:image001.png@01CF86FE.42D51630

 

SkyTouch Technology     4225 E. Windrose Dr.     Phoenix, AZ 85032