Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Please can you help me identify why I'm not able to configure a password policy ?
As you can see below, the password policy has been configured, but when I test it, It's not working....
I'm running the 389-ds server on Linux Suse15 sp2
# uname -a
Linux dl360s-04 5.3.18-24.15-default #1 SMP Thu Sep 3 22:48:37 UTC 2020 (b3a3711) x86_64 x86_64 x86_64 GNU/Linux
- Here is the definition of the password policy I want to apply :
According to the last line for example, it should not accept any password length below 20.
LDAP_SERVER:~ # dsconf -D "cn=Directory Manager" ldap://LDAP_SERVER.example.fr localpwp get "ou=people,dc=example,dc=fr"
Enter password for cn=Directory Manager on ldap://LDAP_SERVER.example.fr:
Local Subtree Policy Policy for "ou=people,dc=example,dc=fr": cn=cn\3DnsPwPolicyEntry3\2Cou\3Dpeople\2Cdc\3Dexample\2Cdc\3Dfr,cn=nsPwPolicyContainer,ou=people,dc= example,dc=fr
------------------------------------
passwordstoragescheme: PBKDF2_SHA256
passwordchange: off
passwordmustchange: on
passwordinhistory: 4
passwordwarning: 2500
passwordmaxage: 6000
passwordminage: 2000
passwordgracelimit: 1
passwordlockout: on
passwordlockoutduration: 1000
passwordmaxfailure: 1
passwordresetfailurecount: 300
passwordminlength: 20
- Here is the definition of the container :
# ldapsearch -x -v -LL -h LDAP_SERVER -p 389 -D cn="Directory Manager" -w PASSWORD1234 -b "cn=nsPwPolicyContainer,ou=people,dc=example,dc=fr"
dn: cn=nsPwPolicyContainer,ou=people,dc=example,dc=fr
objectClass: top
objectClass: nsContainer
cn: nsPwPolicyContainer
Here we'll try an ldapmodify, by logging with the test user (user6), we try to edit the password of the user which is less than 20 characters, but unfortunately it works...
Hi all,
Please can you help me identify why I'm not able to configure a password policy ? As you can see below, the password policy has been configured, but when I test it, It's not working.... I'm running the 389-ds server on Linux Suse15 sp2
# uname -a
Linux dl360s-04 5.3.18-24.15-default #1 SMP Thu Sep 3 22:48:37 UTC 2020 (b3a3711) x86_64 x86_64 x86_64 GNU/Linux
Here is the definition of the password policy I want to apply: According to the last line for example, it should not accept any password length below 20.
Code:
LDAP_SERVER:~ # dsconf -D "cn=Directory Manager" ldap://LDAP_SERVER.example.fr localpwp get "ou=people,dc=example,dc=fr"
Enter password for cn=Directory Manager on ldap://LDAP_SERVER.example.fr:
Local Subtree Policy Policy for "ou=people,dc=example,dc=fr": cn=cn\3DnsPwPolicyEntry3\2Cou\3Dpeople\2Cdc\3Dexample\2Cdc\3Dfr,cn=nsPwPolicyContainer,ou=people,dc=example,dc=fr
------------------------------------
passwordstoragescheme: PBKDF2_SHA256
passwordchange: off
passwordmustchange: on
passwordinhistory: 4
passwordwarning: 2500
passwordmaxage: 6000
passwordminage: 2000
passwordgracelimit: 1
passwordlockout: on
passwordlockoutduration: 1000
passwordmaxfailure: 1
passwordresetfailurecount: 300
passwordminlength: 20
TEST: Here we'll try an ldapmodify, by logging with the test user (user6), we try to edit the password of the user which is less than 20 characters, but unfortunately it works...
Please use CODE tags when posting configs..makes things much easier to read. Have you had experience with Linux in the past? I ask, because what *MIGHT* be the problem is that the directives you've supplied for password policies are all lower-case. Have you looked at the logs related to this when you start the service? https://directory.fedoraproject.org/...rd-syntax.html
Try passwordMinLength instead, and see if that helps. And have you tried going in through the GUI and setting those values, or have you restarted the service after making those changes?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
