[Fedora-directory-users] Problem with Password Policy : dirsrv service restart required !

Hugo Etievant hugo.etievant at inrp.fr
Mon Oct 27 15:10:26 UTC 2008


Hello,

I am trying to use the global password policy in order to forbid changes to
user passwords.

I unchecked the field "User may change password" in the console.

But normal users can change their own password with the
/usr/lib/mozldap/ldappasswd command:
# /usr/lib/mozldap/ldappasswd -P /etc/dirsrv/slapd-fds1/ -m /etc/dirsrv/slapd-fds1/ -D "uid=user1,ou=People,dc=example,dc=com" -w - -S
New Password:
Re-enter new Password:
Enter bind password:
ldappasswd: password successfully changed

A command-line check of the cn=config entry of the DIT shows the
passwordChange attribute value as "Off":
# /usr/lib/mozldap/ldapsearch -s base -b "cn=config" -D "cn=Directory Manager" -w - "(cn=config)" passwordChange
Enter bind password:
version: 1
dn: cn=config
passwordChange: off


I have created a local password policy for my "ou=People" subtree and for
my user "User1", but users can change their own password !!!!!!
If I restart the dirsrv service on the system, this policy item is used.


CONCLUSION = Any change to the field "User may change password" in the
Password Policy requires a restart of the LDAP daemon!



-- 
* Hugo Étiévant *



