Aaron Richton wrote:
I'm really not that familiar with ppolicy (we don't use it here), so
somebody else might have more specific details. However, I'd imagine that
you either need to modify the
ppolicy_default "cn=Standard Policy,ou=Policies,dc=eagleaccess,dc=com"
using the rootdn, or you need to modify the entry
"cn=proxyAgent,ou=Profile,dc=eagleaccess,dc=com" using the rootdn, to
either update the proxyAgent entry (so its password is not expired) or
grant an exemption (in the policy) to the proxyAgent.
As noted in the slapo-ppolicy(5) manpage, you can simply set the
pwdPolicySubentry attribute of the target entry to point it at a non-default
policy. So create a new policy for the proxyAgent user that does not use
password expiration, and point the proxyAgent's pwdPolicySubentry attribute at
that new policy.
On Mon, 27 Aug 2007, Paul J. Pathiakis wrote:
Hi,
Could someone tell me what type of entry I could create (inetOrgPerson,
account, etc) in the ou=Profile,dc=eagleaccess,dc=com directory that
would allow me to have a proxy password entry without a password policy
overlay control?
I think this is my last hurdle to get through here.
Thank you,
Paul Pathiakis
-----Original Message-----
From: Aaron Richton [mailto:[EMAIL PROTECTED]
Sent: Mon 8/27/2007 5:20 PM
To: Paul J. Pathiakis
Cc: [email protected]
Subject: RE: Syncrepl and proxyAgent password expiration
Something is clearly feeding
ppolicy_bind: Entry cn=proxyAgent,ou=Profile,dc=eagleaccess,dc=com
to your server. If you're looking to deprecate that and make a new DN
starting "uid=proxyAgent", you're going to have to change everything that
has the old one.
On Mon, 27 Aug 2007, Paul J. Pathiakis wrote:
Hi,
just as someone was answering the question, I got the second part of it
by just using the rootdn of the master provider. (I went back to square
one and wiped everything on the consumer.) Now, I'm stuck with a
"simple" problem of the Solaris 9 clients in my network coming back with
the Error 49 problem of invalid credentials. I've created a security
object for the proxyAgent and I'm trying to initialize its use.
However, this now has a userid attribute instead of cn. Is this going
to cause me any grief?
Thank you,
Paul Pathiakis
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
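
Added example, not part of the original thread: the pwdPolicySubentry approach described in the reply above, written as LDIF change records. The policy name "cn=Proxy Agent Policy" is a hypothetical choice and `device` is assumed as the structural class for the policy entry; the other DNs are the ones quoted in the thread.

```ldif
# Constructed example. "cn=Proxy Agent Policy" is a hypothetical name;
# ou=Policies and the proxyAgent DN are taken from the thread.

# Record 1: a dedicated policy for the service account.
# pwdPolicy is an auxiliary class, so a structural class (device, assumed
# here) carries the entry. Per slapo-ppolicy(5), pwdMaxAge of 0 (or an
# absent pwdMaxAge) means the password does not expire.
dn: cn=Proxy Agent Policy,ou=Policies,dc=eagleaccess,dc=com
changetype: add
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: Proxy Agent Policy
pwdAttribute: userPassword
pwdMaxAge: 0

# Record 2: override ppolicy_default for this one entry only.
# Every other entry keeps "cn=Standard Policy" and its expiration rules.
dn: cn=proxyAgent,ou=Profile,dc=eagleaccess,dc=com
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=Proxy Agent Policy,ou=Policies,dc=eagleaccess,dc=com
```

Both records can be loaded in one pass with ldapmodify, bound as the rootdn. Scoping the exemption to the single proxyAgent entry leaves expiration enforced for all other accounts under the default policy.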