[Fedora-directory-users] FDS Password policy and passsync

Hugo Etievant hugo.etievant at inrp.fr
Thu Mar 12 10:41:42 UTC 2009


hello,

Step 1 :
I have created a replication agreement between an FDS (DS 1.1.3 on Fedora 
8) server and a Windows 2003 Server (Active Directory).
User's passwords are successfully synchronized.

Step 2 :
I activated password policy in FDS and in AD.
Password policies are identical.

But some passwords are not synchronized between AD and FDS (in this way 
only).
Error message in the log:

03/12/09 09:49:01: Ldap error in ModifyPassword
    19: Constraint violation
03/12/09 09:49:01: Modify password failed for remote entry: 
uid=foobar,ou=people,dc=inrp,dc=fr
03/12/09 09:49:01: Deferring password change for foobar


details of password policy in FDS :

nsslapd-security: on
nsslapd-auditlog-logging-enabled: on
nsslapd-errorlog-level: 8192
nsslapd-pwpolicy-local: on
passwordMinLength: 8
passwordMinCategories: 3
passwordMinTokenLength: 2
passwordCheckSyntax: on
passwordMinAlphas: 0
passwordMinDigits: 0
passwordMaxAge: 63072000 (seconds = 730 days)
passwordExp: on
passwordHistory: on
passwordWarning: 0
passwordInHistory: 10

details of password policy in AD (I use "Windows Server 2003 Password 
Complexity Requirements") :

    * Passwords cannot contain the user's account name or parts of the
      user's full name that exceed two consecutive characters.
    * Passwords must be at least 6 characters in length.
    * Passwords must contain characters from three of the following four
      categories:

   1. English uppercase characters (A through Z).
   2. English lowercase characters (a through z).
   3. Base 10 digits (0 through 9).
   4. Non-alphabetic characters (for example, !, $, #, %).

password history = 10
max age : 730 days
password min len : 8





Why do some of my users have problems (FDS does not accept the new Windows 
password)?

regards

-- 
* Hugo Étiévant *
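
An added example, not part of the original post and not FDS or PassSync code: a simplified model of the syntax rules listed above, showing that a password can pass the AD rule on name parts longer than two characters and still fail with passwordMinTokenLength: 2. The cn value, the sample password and the way names are split into tokens are assumptions; the real servers may tokenize and match differently.

```python
import re

# Numeric settings copied from the post. The rule logic is a simplified
# model (assumption), not the servers' actual implementation.
FDS = {"min_len": 8, "min_categories": 3, "min_token_len": 2}
# AD text: name parts "that exceed two consecutive characters" -> 3 or more.
AD = {"min_len": 8, "min_categories": 3, "min_token_len": 3}


def categories(pw):
    """Count how many of the four character classes appear in pw."""
    tests = (str.isupper, str.islower, str.isdigit,
             lambda c: not c.isalnum())
    return sum(any(t(c) for c in pw) for t in tests)


def name_tokens(values, min_len):
    """Split name attributes on common delimiters (assumed set) and keep
    the tokens that are long enough to be checked."""
    tokens = set()
    for value in values:
        for tok in re.split(r"[\s,._\-#]+", value):
            if len(tok) >= min_len:
                tokens.add(tok.lower())
    return tokens


def violations(pw, policy, name_values):
    """Return the list of modelled rules that pw breaks under policy."""
    out = []
    if len(pw) < policy["min_len"]:
        out.append("too short")
    if categories(pw) < policy["min_categories"]:
        out.append("too few categories")
    tokens = name_tokens(name_values, policy["min_token_len"])
    hits = sorted(t for t in tokens if t in pw.lower())
    if hits:
        out.append("contains name token: " + ", ".join(hits))
    return out


if __name__ == "__main__":
    # Constructed sample: uid from the log line above, cn is hypothetical.
    names = ["foobar", "Al Foobar"]
    candidate = "Royal#Pass42"  # constructed password
    for label, policy in (("AD model", AD), ("FDS model", FDS)):
        print(label, violations(candidate, policy, names) or "accepted")
```

Password history is not modelled here, because each server keeps its own history of the last 10 passwords.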