On 06/03/2020 at 17:47, Quanah Gibson-Mount wrote:
--On Friday, March 6, 2020 8:47 AM +0000 Manuela Mandache manuela.mandache@protonmail.com wrote:
Hello Clément,
Thanks for your answer. Well, if you don't get the same behavior as I do, it does seem I have a configuration issue. But what configuration issue can that be? Where should I look for it?
The present dynamic configuration of the directory running on 2.4.44 was obtained through direct conversion of the static configuration of the directory running on 2.3.34 - where the pwdChangedTime is set when I add a new entry with ldapadd.
I might start with seeing if there are noticeable differences between the 2.3 and 2.4 ppolicy man pages. And perhaps Clément can share the config he was working with. :)
Here is the overlay configuration:
dn: olcOverlay={0}ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {0}ppolicy
olcPPolicyHashCleartext: TRUE
olcPPolicyUseLockout: TRUE
olcPPolicyForwardUpdates: FALSE

The LDIF of the created entry:
dn: uid=testpolicy,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
pwdPolicySubentry: cn=default,ou=ppolicies,dc=example,dc=com
uid: testpolicy
userPassword:: e1NTSEEyNTZ9VyttdTB0eU5LZThnamFDajBaU0J2Tm9MRFJ0anNTbDZqUkk1WTZ
 MREk2V1lSZlhCZ0YvRndBPT0=
sn: test
cn: test

The related ppolicy:
dn: cn=default,ou=ppolicies,dc=example,dc=com
objectClass: device
objectClass: extensibleObject
objectClass: pwdPolicy
objectClass: top
cn: default
pwdAttribute: userPassword
pwdAllowUserChange: TRUE
pwdCheckQuality: 1
pwdExpireWarning: 86400
pwdGraceAuthNLimit: 0
pwdInHistory: 4
pwdLockout: TRUE
pwdMaxAge: 31536000
pwdMaxFailure: 3
pwdMinAge: 0
pwdMinLength: 4
pwdMustChange: TRUE
pwdSafeModify: FALSE
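
An added example, not part of the original messages: a small audit over an LDIF export that flags entries carrying userPassword but no pwdChangedTime, since slapo-ppolicy(5) states that a password without pwdChangedTime does not expire, so pwdMaxAge is never enforced for it. The sample LDIF, the uid=alice entry and the function names are constructed for illustration.

```python
import base64
from datetime import datetime, timedelta, timezone

# Constructed sample export (operational attributes requested); not from the thread.
SAMPLE_LDIF = """\
dn: cn=default,ou=ppolicies,dc=example,dc=com
pwdMaxAge: 31536000

dn: uid=testpolicy,ou=users,dc=example,dc=com
pwdPolicySubentry: cn=default,ou=ppolicies,dc=example,dc=com
userPassword:: e1NTSEEyNTZ9Y29uc3RydWN0
 ZWQ=

dn: uid=alice,ou=users,dc=example,dc=com
pwdPolicySubentry: cn=default,ou=ppolicies,dc=example,dc=com
userPassword:: e1NTSEEyNTZ9Y29uc3RydWN0ZWQ=
pwdChangedTime: 20200306174700Z
"""

def parse_ldif(text):
    """Return {dn: {attr: [values]}}; handles folded lines and base64 (::) values."""
    entries = {}
    for block in text.replace("\n ", "").strip().split("\n\n"):  # unfold, split entries
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            if value.startswith(":"):  # base64-encoded value
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            attrs.setdefault(name.lower(), []).append(value.strip())
        entries[attrs["dn"][0].lower()] = attrs
    return entries

def audit(entries, now):
    """Map each password-bearing DN to 'never-expires', 'expired' or 'ok'."""
    report = {}
    for dn, attrs in entries.items():
        if "userpassword" not in attrs:
            continue
        policy = entries.get(attrs.get("pwdpolicysubentry", [""])[0].lower(), {})
        max_age = int(policy.get("pwdmaxage", ["0"])[0])
        changed = attrs.get("pwdchangedtime")
        if not changed:  # slapo-ppolicy(5): no pwdChangedTime, no expiry
            report[dn] = "never-expires"
            continue
        when = datetime.strptime(changed[0], "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
        expired = max_age > 0 and now > when + timedelta(seconds=max_age)
        report[dn] = "expired" if expired else "ok"
    return report
```

To run it against a live directory, export with operational attributes requested (for example ldapsearch with the attribute list '*' '+') and pass the output to parse_ldif.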