[389-users] password not expire 389

Sun, 26 Feb 2017 07:58:35 -0800 

Hi
with the new 1.2.2-1 389* the user can resure the same password Again & Again, 
the passwordhistory stop to Work and not showing anymore. see my test below. It 
is the first time i get this kind of issue

[root@centos6 ~]# rpm -qa|grep 389
389-console-1.1.7-1.el6.noarch
389-adminutil-1.1.19-1.el6.x86_64
389-ds-console-1.2.6-1.el6.noarch
389-ds-1.2.2-1.el6.noarch
389-ds-base-libs-1.2.11.15-85.el6_8.x86_64
389-admin-1.1.35-1.el6.x86_64
389-admin-console-1.1.8-1.el6.noarch
389-ds-base-1.2.11.15-85.el6_8.x86_64


[root@centos6 scripts]# cat test_passwd_history.ksh
#!/bin/ksh
#Ldap test passwd if it is expired or not - tng 20170226
 ldapsearch -xLLL -ZZ -b dc=nnit '(&(uid=tnng))' passwordRetryCount 
passwordExpWarned accountUnlockTime passwordExpirationTime passwordHistory 
createtimestamp modifytimestamp retryCountResetTime passwordAllowChangeTime 
nsRoleDN
ldappasswd -s 123 -w 12345678 -x -ZZ -D cn='directory manager' cn='Tuan 
Nguyen,cn=unixtek,ou=Infrastructure,dc=nnit'

[root@centos6 scripts]# ./test_passwd_history.ksh
dn: cn=Tuan Nguyen,cn=unixtek,ou=Infrastructure,dc=nnit
passwordExpWarned: 0
passwordExpirationTime: 19700101000000Z
createtimestamp: 20170114110541Z
modifytimestamp: 20170226085143Z
[root@centos6 scripts]# ./test_passwd_history.ksh
dn: cn=Tuan Nguyen,cn=unixtek,ou=Infrastructure,dc=nnit
passwordExpWarned: 0
passwordExpirationTime: 19700101000000Z
createtimestamp: 20170114110541Z
modifytimestamp: 20170226091223Z
[root@centos6 scripts]# ./test_passwd_history.ksh
dn: cn=Tuan Nguyen,cn=unixtek,ou=Infrastructure,dc=nnit
passwordExpWarned: 0
passwordExpirationTime: 19700101000000Z
createtimestamp: 20170114110541Z
modifytimestamp: 20170226091224Z
[root@centos6 scripts]#

policy
[root@centos6 scripts]# ldapsearch -xLLL -ZZ -b 
cn='cn\3DnsPwPolicyEntry\2Cou\3DInfrastructure\2Cdc\3Dnnit,cn=nsPwPolicyContainer,ou=Infrastructure,dc=nnit'
 -s base '(&(objectclass=passwordpolicy))'
dn: cn=cn\3DnsPwPolicyEntry\2Cou\3DInfrastructure\2Cdc\3Dnnit,cn=nsPwPolicyCon
 tainer,ou=Infrastructure,dc=nnit
passwordStorageScheme: ssha
passwordGraceLimit: 1
passwordChange: on
passwordWarning: 86400
passwordMinAge: 0
passwordExp: on
passwordMustChange: on
passwordMaxAge: 86400
objectClass: ldapsubentry
objectClass: passwordpolicy
objectClass: top
cn: cn=nsPwPolicyEntry,ou=Infrastructure,dc=nnit

Policy settings from GUI:
www.chezmoi.dk/389-passwd-not-expire.png
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org

Reply via email to