
Re: Allow users to change ldap password with passwd



Michael,

I modified the command and was able to implement the password policy using:
# ldapadd -x -W -D cn=****,dc=****,dc=**** -f passwordPolicy.ldif

Verified the policy was applied:
# ldapsearch -x -D cn=****,dc=****,dc=**** -H ldap:// -b dc=****,dc=**** -W

# real, People, ****.****
dn: uid=real,ou=People,dc=****,dc=****
uid: real
homeDirectory: /home/real
memberUid: real
# policies, ****.****
dn: cn=policies,dc=cluster,dc=sec312
objectClass: pwdPolicy
objectClass: person
objectClass: top
cn:: cG9saWNpZXMg
sn: policies
pwdAllowUserChange: TRUE
pwdAttribute: userPassword
pwdCheckQuality: 2
pwdExpireWarning: 3600
pwdInHistory: 10
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdMaxAge: 7776000
pwdMaxFailure: 5
pwdMinAge: 0
pwdMinLength: 8
pwdMustChange: FALSE
pwdSafeModify: FALSE

# search result
search: 2
result: 0 Success

# numResponses: 598
# numEntries: 597

TEST: I reset the password for user ‘real’ on an ldap client using passwd; the password was successfully changed. However, the new user password did not change on the ldap server. It appears that the policy is not updating the ou that my user ‘real’ belongs to.

Maybe it’s got to do with my ldap tree and where I configured my password policy (cn=policies), this is how it is now:

dc=****, dc=****
cn=policies
ou=People

Thank you,
Liz
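As an added example (not part of this thread, and not OpenLDAP's own tooling), the script below parses the ppolicy entry exactly as ldapsearch printed it above, decodes the base64 `cn::` value, and summarizes the settings the way a reviewer would read them. The sample LDIF is copied from the message; the 12-character minimum-length baseline and the function names are assumptions made for this illustration.

```python
import base64
import re

# Constructed sample: the cn=policies entry copied from the ldapsearch output in the thread
SAMPLE_LDIF = """\
# policies, ****.****
dn: cn=policies,dc=cluster,dc=sec312
objectClass: pwdPolicy
objectClass: person
objectClass: top
cn:: cG9saWNpZXMg
sn: policies
pwdAllowUserChange: TRUE
pwdAttribute: userPassword
pwdCheckQuality: 2
pwdExpireWarning: 3600
pwdInHistory: 10
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdMaxAge: 7776000
pwdMaxFailure: 5
pwdMinAge: 0
pwdMinLength: 8
pwdMustChange: FALSE
pwdSafeModify: FALSE
"""

ATTR_RE = re.compile(r"^([^:]+)(::?)\s*(.*)$")


def parse_ldif_entries(text):
    """Parse LDIF text into a list of {attribute: [values]} dicts.

    Handles '#' comments, folded lines (continuations start with a space)
    and base64 values written as 'attr:: <b64>'."""
    entries, current = [], None
    unfolded = re.sub(r"\n ", "", text)          # join continuation lines
    for raw in unfolded.split("\n"):
        line = raw.rstrip("\r")
        if line.startswith("#"):
            continue
        if line == "":                            # blank line ends an entry
            if current:
                entries.append(current)
                current = None
            continue
        m = ATTR_RE.match(line)
        if not m:
            continue
        attr, sep, value = m.groups()
        if sep == "::":                           # base64-encoded value
            value = base64.b64decode(value).decode("utf-8")
        current = current or {}
        current.setdefault(attr, []).append(value)
    if current:
        entries.append(current)
    return entries


def first(entry, attr, default=None):
    vals = entry.get(attr)
    return vals[0] if vals else default


def summarize_policy(entry):
    """Turn the raw ppolicy attributes into reviewer-friendly values."""
    max_age = int(first(entry, "pwdMaxAge", "0"))
    lockout = first(entry, "pwdLockout", "FALSE") == "TRUE"
    lockout_duration = int(first(entry, "pwdLockoutDuration", "0"))
    return {
        "dn": first(entry, "dn"),
        "min_length": int(first(entry, "pwdMinLength", "0")),
        "max_age_days": max_age / 86400 if max_age else None,
        "expire_warning_hours": int(first(entry, "pwdExpireWarning", "0")) / 3600,
        "history": int(first(entry, "pwdInHistory", "0")),
        "max_failure": int(first(entry, "pwdMaxFailure", "0")),
        # ppolicy semantics: lockout duration 0 means locked until an admin resets it
        "lockout_permanent": lockout and lockout_duration == 0,
        "user_may_change": first(entry, "pwdAllowUserChange") == "TRUE",
        "old_password_required": first(entry, "pwdSafeModify") == "TRUE",
        # values with leading/trailing whitespace are what forced the base64 'cn::' form
        "whitespace_attrs": sorted(a for a, vs in entry.items()
                                   if a != "dn" and any(v != v.strip() for v in vs)),
    }


def review_policy(summary, min_length_baseline=12):
    """Return human-readable findings. The baseline is an assumed local standard."""
    findings = []
    if summary["min_length"] < min_length_baseline:
        findings.append(f"pwdMinLength {summary['min_length']} is below the assumed "
                        f"baseline of {min_length_baseline}")
    if summary["lockout_permanent"]:
        findings.append(f"pwdLockout TRUE with pwdLockoutDuration 0: accounts stay locked "
                        f"after {summary['max_failure']} failures until an admin resets them")
    if not summary["old_password_required"]:
        findings.append("pwdSafeModify FALSE: a password change need not include the current password")
    for attr in summary["whitespace_attrs"]:
        findings.append(f"attribute {attr} carries leading/trailing whitespace "
                        f"(this is why ldapsearch printed it base64-encoded)")
    return findings


if __name__ == "__main__":
    for entry in parse_ldif_entries(SAMPLE_LDIF):
        summary = summarize_policy(entry)
        print(summary["dn"], summary)
        for finding in review_policy(summary):
            print(" -", finding)
```

Note that the decoded cn is "policies " with a trailing space, which is why ldapsearch had to emit it as `cn::`. What the script cannot tell you is whether this entry is actually attached to any user: with slapo-ppolicy that is done either by the overlay's default-policy setting (`ppolicy_default` in slapd.conf, `olcPPolicyDefault` in cn=config) or by a `pwdPolicySubentry` attribute on the user entry, and both must point at this entry's DN.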


From: Michael Ströder <michael@stroeder.com>
Date: Thursday, September 24, 2015 at 11:42 AM
To: Elizabeth Real Chavez <Elizabeth.Real@jpl.nasa.gov>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: Re: Allow users to change ldap password with passwd

Real, Elizabeth (392K) wrote:
I replaced ou with cn, tried loading the ldif and got this message:
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f passwordPolicy.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=policies,dc=*****,dc=*****"
ldap_add: Insufficient access (50)
additional info: no write access to parent

I guess you want to use another bind-DN with -D when writing to your normal DB
backend / naming context dc=*****,dc=*****.

And defining -Y and -D together does not make sense. Please consult the man
page and look at various bind methods more closely.

Ciao, Michael.