On 07/17/2013 05:47 PM, Nerijus Kislauskas wrote:
Hi community,
We want implement password politics in our DIT, and are testing
ppolicy and found issues using olcPasswordHash, Password Modify
Extension and so. Here are my testings:
Hi everyone,
I think I found the solution. Because we had all forms of
passwords in cn=config somehow frontend database inherited
them. LDIF below seems did a trick:
dn: cn=config
changetype: modify
delete: olcPasswordHash
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcPasswordHash
Now default is {SSHA} as said in documentation. Why "frontend"
inherits olcPasswordHash from "cn=config"? What "frontend" database
is for? I basicaly working with cn=config and our database, why I
should also deconfigure something from "frontend" to restore
defaults?
Also ppolicy error message "Additional info: Password policy only
allows one password value" is gone now and ppolicy overlay is
working as expected.
--
Pagarbiai,
Nerijus Kislauskas
KTU ITD, Litnet valdymo centras
Studentu g. 48a - 101, Kaunas
tel.: (8~37) 30 06 45
mob. tel.: 8-614-93889
e-mail.: nerijus.kislauskas@ktu.lt