Hi,

Recently i have setup 389 DS on my CentOS machine.Now yesterday i m able to reset user's password. Now i m not able to reset it....

I have checked my directory server's setting and found that i have mistakenly set "disallow_pw_change_aci" ACL. Now i have deleted this one. But whenever i restart my dirsrv and dirsrv-admin services i see "disallow_pw_change_aci" ACL again in my directory server.

Que.1 Now how to remove parmanently ?

And secondly when i remove this from directory server and then try to change password i am getting below error:-

$ passwd
Changing password for user psharma.
Enter login(LDAP) password:
New UNIX password:
Retype new UNIX password:
LDAP password information update failed: Server is unwilling to perform
user is not allowed to change password
passwd: Permission denied
$


Que.2 Now how to sort out this one... ?

Que.3 And one more question is, where i will find all these logs...if someone file these command at client as well as server machine(i.e. ldapsearch, ldapadd, ldapdelete, passwd, passwd lock etc...)


Thank you.
Piyush

Hi,

After hunting more in logs i got following message, Please check below :-

[31/Dec/2010:14:21:00 +051800] conn=296 op=3 BIND dn="" method=128 version=3
[31/Dec/2010:14:21:00 +051800] conn=296 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[31/Dec/2010:14:21:03 +051800] conn=295 op=3 SRCH base="dc=example,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uidNumber=1001))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[31/Dec/2010:14:21:03 +051800] conn=295 op=3 RESULT err=0 tag=101 nentries=1 etime=0
[31/Dec/2010:14:21:06 +051800] conn=296 op=4 BIND dn="uid=psharma,ou=People,dc=example,dc=com" method=128 version=3
[31/Dec/2010:14:21:06 +051800] conn=296 op=4 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=psharma,ou=people,dc=example,dc=com"
[31/Dec/2010:14:21:06 +051800] conn=296 op=5 RESULT err=53 tag=103 nentries=0 etime=0
[31/Dec/2010:14:21:06 +051800] conn=296 op=5 MOD dn="uid=psharma,ou=People,dc=example,dc=com", user is not allowed to change password
[31/Dec/2010:14:21:08 +051800] conn=296 op=7 UNBIND
[31/Dec/2010:14:21:08 +051800] conn=296 op=7 fd=88 closed - U1
[31/Dec/2010:14:21:08 +051800] conn=295 op=-1 fd=87 closed - B1



Thanks,
Piyush

Hi,

I got the solution. I follow the below steps and its done.

389 DS Console >>
Configurations >>
DATA >>
Under the Passwords Tab >>
Enable Create user level password policy >>
Enable the Check password syntax >>
for the encryption method select Unix crypt algorithm (CRYPT) >>
click save.


Thanks,
Piyush