I saw that in the Doc, it's now working fine. Thanks a lot.
On Thu, Sep 27, 2018 at 12:18 PM Mark Reynolds <mreyno...@redhat.com> wrote:

> On 09/26/2018 04:15 PM, Mark Reynolds wrote:
>
> On 09/26/2018 03:51 PM, Alberto Viana wrote:
>
> Hi Mark,
>
> I already have this configuration but it stopped working after I enabled
> my password policy. Another thing is the error changed, it's not the same
> as when the prehashed config was missing and my password was set to off.
>
> When you turn syntax checking on then Password Admin functionally breaks,
> correct? If so, it sounds like a bug then. Please file a ticket with the
> exact steps to reproduce the problem.
>
> Actually I think you need to set (again) passwordAdminDN in each subtree
> policy. Please try this and let me know if it works.
>
> Thanks,
> Mark
>
> https://pagure.io/389-ds-base/new_issue
>
> Thanks,
> Mark
>
> On Wed, Sep 26, 2018, 16:47 Mark Reynolds <mreyno...@redhat.com> wrote:
>
>> Hi Alberto,
>>
>> Only Directory Manager or a Password Admin can add pre-hashed passwords.
>> It has nothing to do with password policy settings. For more on password
>> admins see:
>>
>> https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/password_administrators
>>
>> HTH,
>>
>> Mark
>>
>> On 09/26/2018 02:31 PM, Alberto Viana wrote:
>>
>> I have a password applied globally like this:
>>
>> dn: cn=cn\3DnsPwPolicyEntry\2CDC\3Dmy\2CDC\3Ddomain,cn=nsPwPolicyContainer,dc=my,dc=domain
>> passwordLockout: off
>> passwordGraceLimit: 50
>> passwordWarning: 86400
>> passwordInHistory: 3
>> passwordMinLength: 8
>> passwordMinCategories: 3
>> passwordStorageScheme: SSHA512
>> passwordChange: on
>> passwordMaxAge: 31536000
>> passwordCheckSyntax: on
>> passwordExp: on
>> objectClass: top
>> objectClass: ldapsubentry
>> objectClass: passwordpolicy
>> cn: cn=nsPwPolicyEntry,DC=my,DC=domain
>>
>> In a sub OU, I have this policy:
>>
>> # cn\3DnsPwPolicyEntry\2Cou\3DPOPS\2COU\3DEXTERNOS\2Cou\3Dmy\2Cdc\3Dmy\2Cdc\3Ddomain, nsPwPolicyContainer, POPS, EXTERNOS, my, my.domain
>> dn: cn=cn\3DnsPwPolicyEntry\2Cou\3DPOPS\2COU\3DEXTERNOS\2Cou\3Dmy\2Cdc\3Dmy\2Cdc\3Ddomain,cn=nsPwPolicyContainer,ou=POPS,OU=EXTERNOS,ou=my,dc=my,dc=domain
>> passwordLockout: off
>> passwordGraceLimit: 50
>> passwordStorageScheme: SSHA
>> passwordChange: on
>> passwordMaxAge: 31536000
>> passwordCheckSyntax: off
>> passwordExp: off
>> objectClass: top
>> objectClass: ldapsubentry
>> objectClass: passwordpolicy
>> cn: cn=nsPwPolicyEntry,ou=POPS,OU=EXTERNOS,dc=my,dc=domain
>>
>> But when I try to add a prehashed password on this sub OU, I see this
>> kind of error:
>> LDAP: error code 19 - invalid password syntax - passwords with storage scheme are not allowed
>>
>> Is this an expected behavior even if in sub OU I have a password policy
>> with passwordCheckSyntax set to off? If so, do I have any way to disable
>> this behavior? (but I can not disable my global password policy)
>>
>> PS: The password policy is respecting the fact that passwordCheckSyntax is
>> set to off when I try to add a simple password like '1234'.
_______________________________________________
389-users mailing list -- 389-us...@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-us...@lists.fedoraproject.org
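
An added example, not part of the original thread and not 389 DS project code: a small Python audit over an LDIF dump of password policy entries that lists the policies lacking passwordAdminDN (the setting Mark suggests repeating in each subtree policy) and emits ldapmodify input to add it. The sample LDIF is constructed from the two entries quoted in the thread, and the admin group DN is a hypothetical placeholder.

```python
import re

# Constructed sample modelled on the thread's two policy entries (trimmed).
SAMPLE_LDIF = r"""
dn: cn=cn\3DnsPwPolicyEntry\2CDC\3Dmy\2CDC\3Ddomain,cn=nsPwPolicyContainer,dc=
 my,dc=domain
passwordCheckSyntax: on
objectClass: passwordpolicy

dn: cn=cn\3DnsPwPolicyEntry\2Cou\3DPOPS\2COU\3DEXTERNOS\2Cou\3Dmy\2Cdc\3Dmy\2Cdc\3Ddomain,cn=nsPwPolicyContainer,ou=POPS,OU=EXTERNOS,ou=my,dc=my,dc=domain
passwordCheckSyntax: off
objectClass: passwordpolicy
"""

def parse_ldif(text):
    """Parse plain (non-base64) LDIF into [{attr_lowercase: [values]}]."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def policies_missing_admin(ldif_text):
    """Return (policy DN, governed subtree) for policies without passwordAdminDN."""
    marker, out = "cn=nspwpolicycontainer,", []
    for e in parse_ldif(ldif_text):
        classes = [v.lower() for v in e.get("objectclass", [])]
        if "passwordpolicy" not in classes or e.get("passwordadmindn"):
            continue
        dn = e["dn"][0]
        idx = dn.lower().find(marker)  # subtree = parent of the policy container
        out.append((dn, dn[idx + len(marker):] if idx >= 0 else None))
    return out

def fix_ldif(ldif_text, admin_dn):
    """Build ldapmodify input that adds passwordAdminDN to each such policy."""
    return "\n".join(
        f"dn: {dn}\nchangetype: modify\nadd: passwordAdminDN\npasswordAdminDN: {admin_dn}\n"
        for dn, _ in policies_missing_admin(ldif_text))

if __name__ == "__main__":
    # Hypothetical admin group DN; use the one from your existing Password Admin setup.
    print(fix_ldif(SAMPLE_LDIF, "cn=Passwd Admins,ou=groups,dc=my,dc=domain"))
```

Feed it the output of an ldapsearch for `(objectClass=passwordpolicy)` entries and review the generated LDIF before applying it.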