On 07/17/2013 05:47 PM, Nerijus Kislauskas wrote:

Hi community,

We want implement password politics in our DIT, and are testing ppolicy and found issues using olcPasswordHash, Password Modify Extension and so. Here are my testings:

Hi everyone,

I think I found the solution. Because we had all forms of passwords in cn=config somehow frontend database inherited them. LDIF below seems did a trick:

dn: cn=config
changetype: modify
delete: olcPasswordHash

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcPasswordHash

Now default is {SSHA} as said in documentation. Why "frontend" inherits olcPasswordHash from "cn=config"? What "frontend" database is for? I basicaly working with cn=config and our database, why I should also deconfigure something from "frontend" to restore defaults?

Also ppolicy error message "Additional info: Password policy only allows one password value" is gone now and ppolicy overlay is working as expected.

-- 
Pagarbiai,
Nerijus Kislauskas
KTU ITD, Litnet valdymo centras
Studentu g. 48a - 101, Kaunas
tel.: (8~37) 30 06 45
mob. tel.: 8-614-93889
e-mail.: nerijus.kislauskas@ktu.lt