On 07/17/2013 05:47 PM, Nerijus Kislauskas wrote:
Hi community,
We want implement password politics in our DIT, and are testing ppolicy and found issues using olcPasswordHash, Password Modify Extension and so. Here are my testings:
Hi everyone,
I think I found the solution. Because we had all forms of passwords in cn=config somehow frontend database inherited them. LDIF below seems did a trick:
dn: cn=config changetype: modify delete: olcPasswordHash
dn: olcDatabase={-1}frontend,cn=config changetype: modify delete: olcPasswordHash
Now default is {SSHA} as said in documentation. Why "frontend" inherits olcPasswordHash from "cn=config"? What "frontend" database is for? I basicaly working with cn=config and our database, why I should also deconfigure something from "frontend" to restore defaults?
Also ppolicy error message "Additional info: Password policy only allows one password value" is gone now and ppolicy overlay is working as expected.