On 06/03/2020 at 17:47, Quanah Gibson-Mount wrote:
>
>
> --On Friday, March 6, 2020 8:47 AM +0000 Manuela Mandache
> <manuela.manda...@protonmail.com> wrote:
>
>> Hello Clément,
>>
>> Thanks for your answer. Well, if you don't get the same behavior as I
>> do,
>> it does seem I have a configuration issue. But what configuration issue
>> can that be? Where should I look for it?
>>
>> The present dynamic configuration of the directory running on 2.4.44 was
>> obtained through direct conversion of the static configuration of the
>> directory running on 2.3.34 - where the pwdChangedTime is set when I add
>> a new entry with ldapadd.
>
> I might start with seeing if there are noticeable differences between
> the 2.3 and 2.4 ppolicy man pages. And perhaps Clément can share the
> config he was working with. :)

Here is the overlay configuration:

dn: olcOverlay={0}ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {0}ppolicy
olcPPolicyHashCleartext: TRUE
olcPPolicyUseLockout: TRUE
olcPPolicyForwardUpdates: FALSE

The LDIF of the created entry:

dn: uid=testpolicy,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
pwdPolicySubentry: cn=default,ou=ppolicies,dc=example,dc=com
uid: testpolicy
userPassword:: e1NTSEEyNTZ9VyttdTB0eU5LZThnamFDajBaU0J2Tm9MRFJ0anNTbDZqUkk1WTZ
 MREk2V1lSZlhCZ0YvRndBPT0=
sn: test
cn: test

The related ppolicy:

dn: cn=default,ou=ppolicies,dc=example,dc=com
objectClass: device
objectClass: extensibleObject
objectClass: pwdPolicy
objectClass: top
cn: default
pwdAttribute: userPassword
pwdAllowUserChange: TRUE
pwdCheckQuality: 1
pwdExpireWarning: 86400
pwdGraceAuthNLimit: 0
pwdInHistory: 4
pwdLockout: TRUE
pwdMaxAge: 31536000
pwdMaxFailure: 3
pwdMinAge: 0
pwdMinLength: 4
pwdMustChange: TRUE
pwdSafeModify: FALSE

-- 
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
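
An added example, not part of Clément's message or of the OpenLDAP code base: a Python check that parses LDIF from a search requesting operational attributes and flags entries that hold a userPassword but no pwdChangedTime, since slapo-ppolicy does not expire a password whose pwdChangedTime is absent. The sample LDIF, the uid=alice and uid=bob entries, the timestamps and the function names are constructed for illustration; the pwdMaxAge value is the one from the policy above.

```python
import base64
from datetime import datetime, timedelta, timezone

def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:                  # trailing "" flushes the last entry
        if not line.strip():
            if cur:
                entries.append(cur)
                cur = {}
        elif not line.startswith("#"):
            attr, _, rest = line.partition(":")
            value = rest.strip()
            if rest.startswith(":"):           # "attr:: value" is base64-encoded
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            cur.setdefault(attr.lower(), []).append(value)
    return entries

def audit(entries, max_age, now):
    """Map each DN that has a userPassword to 'missing', 'expired' or 'ok'."""
    report = {}
    for entry in (e for e in entries if "userpassword" in e):
        changed = entry.get("pwdchangedtime")
        if not changed:
            status = "missing"                 # pwdMaxAge can never expire this password
        else:
            t = datetime.strptime(changed[0], "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
            status = "expired" if now - t > timedelta(seconds=max_age) else "ok"
        report[entry["dn"][0]] = status
    return report

# Constructed sample data: the hash, uid=alice, uid=bob and all timestamps are made up.
PW = base64.b64encode(b"{SSHA256}constructed-not-a-real-hash").decode()
USERS = "ou=users,dc=example,dc=com"
SAMPLE = (f"dn: uid=testpolicy,{USERS}\nuserPassword:: {PW[:20]}\n {PW[20:]}\n\n"
          f"dn: uid=alice,{USERS}\nuserPassword:: {PW}\npwdChangedTime: 20200306164700Z\n\n"
          f"dn: uid=bob,{USERS}\nuserPassword:: {PW}\npwdChangedTime: 20180101000000Z\n")
PWD_MAX_AGE = 31536000                          # pwdMaxAge from the policy in the message
NOW = datetime(2020, 3, 7, tzinfo=timezone.utc) # fixed "now" so the result is reproducible
if __name__ == "__main__":
    for dn, status in audit(parse_ldif(SAMPLE), PWD_MAX_AGE, NOW).items():
        print(f"{status:8} {dn}")
```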