I am using M21 and it doesn't appear to be bypassing the policy, at least when it comes to password expiration.
The admin password had expired on both servers but I was able to log in to the backup server b/c grace logins were allowed. It did record a grace login on the admin user when I logged in. I reset the password to the same value it was before and it didn't enforce history.

I can't confirm b/c I can't log in but I think the policy on the server where I can't log in is as follows:

dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterc
 eptor,ou=interceptors,ads-directoryServiceId=default,ou=config
entryCSN: 20160325163415.003000Z#000000#000#000000
ads-pwdLockoutDuration: 2592000
ads-pwdAttribute: userPassword
ads-pwdId: default
ads-pwdLockout: TRUE
ads-pwdFailureCountInterval: 86400
ads-pwdMaxAge: 3888000
ads-pwdMaxFailure: 3
ads-pwdCheckQuality: 1
ads-enabled: TRUE
entryUUID: 5f79a974-e791-4beb-803f-42e169b5dfb7
ads-pwdInHistory: 24
ads-pwdValidator: org.apache.directory.server.core.api.authn.ppolicy.DefaultPass
 wordValidator
ads-pwdMinLength: 5
ads-pwdGraceAuthNLimit: 5
objectClass: ads-passwordPolicy
objectClass: top
objectClass: ads-base
entryParentId: a4bb3a90-be7a-45ce-acb8-43ce7571df75

The error when I attempt to log in as uid=admin,ou=system is as follows:

Error while opening connection
 - [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: password expired and max grace logins were used]
java.lang.Exception: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: password expired and max grace logins were used]

Thanks.

On Tue, May 3, 2016 at 3:15 PM, Emmanuel Lécharny <[email protected]> wrote:

> On 03/05/16 18:50, Hal Deadman wrote:
> > I have a replicated directory in my dev lab where the admin user has an
> > expired password on one of the two servers. Since I can't log in as admin,
> > how might I go about resetting the password on that user short of
> > re-creating the instance?
>
> The uid=admin,ou=system user bypasses the passwordPolicy (at least in
> the latest version). That should allow you to change the password.
>
> What version are you using?
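
Added example, not part of the original thread and not ApacheDS code: it unfolds the policy entry quoted above (RFC 2849 line folding) and applies a simplified model of the expiry and grace-login rules from draft-behera-ldap-password-policy to show how the two servers reach different bind results. The function names, the trimmed attribute set and the dates are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Subset of the policy entry posted in the message, with its LDIF line folding kept.
# Only single-valued attributes are included, so a plain dict is enough here.
POLICY_LDIF = """\
dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterc
 eptor,ou=interceptors,ads-directoryServiceId=default,ou=config
ads-pwdMaxAge: 3888000
ads-pwdGraceAuthNLimit: 5
ads-pwdInHistory: 24
"""


def parse_ldif_entry(text):
    """Unfold continuation lines (leading single space) and map attribute -> value."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # continuation: drop the fold space, append
        elif raw.strip():
            lines.append(raw)
    return dict(line.split(": ", 1) for line in lines)


def bind_outcome(policy, pwd_changed, grace_used, now):
    """Model the result of a bind with the correct password (simplified)."""
    max_age = int(policy.get("ads-pwdMaxAge", 0))           # seconds, 0 = never expires
    grace_limit = int(policy.get("ads-pwdGraceAuthNLimit", 0))
    if max_age == 0 or now - pwd_changed < timedelta(seconds=max_age):
        return "ok"
    if grace_used < grace_limit:
        # Expired, but a grace login is still available and gets recorded.
        return "grace login %d of %d" % (grace_used + 1, grace_limit)
    return "rejected: password expired and max grace logins were used"


if __name__ == "__main__":
    policy = parse_ldif_entry(POLICY_LDIF)
    now = datetime(2016, 5, 3, tzinfo=timezone.utc)          # constructed dates
    changed = datetime(2016, 1, 1, tzinfo=timezone.utc)
    print("max age (days):", int(policy["ads-pwdMaxAge"]) // 86400)
    print("backup server :", bind_outcome(policy, changed, 0, now))
    print("other server  :", bind_outcome(policy, changed, 5, now))
```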
