[Fedora-directory-users] FDS Password policy and passsync
Hugo Etievant
hugo.etievant at inrp.fr
Thu Mar 12 10:41:42 UTC 2009
hello,
Step 1 :
A have create a replication agreement betwen a FDS (DS 1.1.3 on Fedora
8) server and a Windows 2003 Server (Active Directory).
User's passwords are successfully synchronized.
Step 2 :
I activated password policy in FDS and in AD.
Password policies are identical.
But some passwords are not synchronized betwen AD and FDS (in this way
only).
error message in log :
03/12/09 09:49:01: Ldap error in ModifyPassword
19: Constraint violation
03/12/09 09:49:01: Modify password failed for remote entry:
uid=foobar,ou=people,dc=inrp,dc=fr
03/12/09 09:49:01: Deferring password change for foobar
details of password policy in FDS :
nsslapd-security: on
nsslapd-auditlog-logging-enabled: on
nsslapd-errorlog-level: 8192
nsslapd-pwpolicy-local: on
passwordMinLength: 8
passwordMinCategories: 3
passwordMinTokenLength: 2
passwordCheckSyntax: on
passwordMinAlphas: 0
passwordMinDigits: 0
passwordMaxAge: 63072000 (secondes = 730 days)
passwordExp: on
passwordHistory: on
passwordWarning: 0
passwordInHistory: 10
details of password policy in AD (i use "Windows Server 2003 Password
Complexity Requirements") :
* Passwords cannot contain the user's account name or parts of the
user's full name that exceed two consecutive characters.
* Passwords must be at least 6 characters in length.
* Passwords must contain characters from three of the following four
categories:
1.
English uppercase characters (A through Z).
2.
English lowercase characters (a through z).
3.
Base 10 digits (0 through 9).
4.
Non-alphabetic characters (for example, !, $, #, %).
password history = 10
max age : 730 days
password min len : 8
Why some of my users ahve problems (FDS no not accept new Windows
password) ?
regards
--
* Hugo Étiévant *
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20090312/c4341f4c/attachment.htm>
More information about the Fedora-directory-users
mailing list