I'm really not that familiar with ppolicy (we don't use it here), so somebody else might have more specific details. However, I'd imagine that you either need to modify the
ppolicy_default "cn=Standard Policy,ou=Policies,dc=eagleaccess,dc=com"
using the rootdn, or you need to modify the entry "cn=proxyAgent,ou=Profile,dc=eagleaccess,dc=com" using the rootdn, to either update the proxyAgent entry (so its' password is not expired) or grant an exemption (in the policy) to the proxyAgent.
On Mon, 27 Aug 2007, Paul J. Pathiakis wrote:
Hi,
Could someone tell me what type of entry I could create (inetOrgPerson, account, etc) in the ou=Profile,dc=eagleaccess,dc=com directory that would allow me to have a proxy password entry without a password policy overlay control?
I think this is my last hurdle to get through here.
Thank you,
Paul Pathiakis
-----Original Message----- From: Aaron Richton [mailto:richton@nbcs.rutgers.edu] Sent: Mon 8/27/2007 5:20 PM To: Paul J. Pathiakis Cc: openldap-software@openldap.org Subject: RE: Syncrepl and proxyAgent password expiration
Something is clearly feeding
ppolicy_bind: Entry cn=proxyAgent,ou=Profile,dc=eagleaccess,dc=com
to your server. If you're looking to deprecate that and make a new DN starting "uid=proxyAgent", you're going to have to change everything that has the old one.
On Mon, 27 Aug 2007, Paul J. Pathiakis wrote:
Hi,
just as someone was answering the question, I got the second part of it by just using the rootdn of the master provider. (I went back to square one and wiped everything on the consumer.) Now, I'm stuck with a "simple" problem of the Solaris 9 clients in my network coming back with the Error 49 problem of invalid credentials. I've created a security object for the proxyAgent and I'm trying to initialize its use. However, this now has a userid attribute instead of cn. Is this going to cause me any grief?
Thank you,
Paul Pathiakis