On 06/03/2020 at 17:47, Quanah Gibson-Mount wrote:
--On Friday, March 6, 2020 8:47 AM +0000 Manuela Mandache
<manuela.mandache(a)protonmail.com> wrote:
> Hello Clément,
>
> Thanks for your answer. Well, if you don't get the same behavior as I do,
> it does seem I have a configuration issue. But what configuration issue
> can that be? Where should I look for it?
>
> The present dynamic configuration of the directory running on 2.4.44 was
> obtained through direct conversion of the static configuration of the
> directory running on 2.3.34 - where the pwdChangedTime is set when I add
> a new entry with ldapadd.
I might start with seeing if there are noticeable differences between
the 2.3 and 2.4 ppolicy man pages. And perhaps Clément can share the
config he was working with. :)

Here is the overlay configuration:
dn: olcOverlay={0}ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {0}ppolicy
olcPPolicyHashCleartext: TRUE
olcPPolicyUseLockout: TRUE
olcPPolicyForwardUpdates: FALSE
The LDIF of the created entry:
dn: uid=testpolicy,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
pwdPolicySubentry: cn=default,ou=ppolicies,dc=example,dc=com
uid: testpolicy
userPassword::
 e1NTSEEyNTZ9VyttdTB0eU5LZThnamFDajBaU0J2Tm9MRFJ0anNTbDZqUkk1WTZ
 MREk2V1lSZlhCZ0YvRndBPT0=
sn: test
cn: test
The related ppolicy:
dn: cn=default,ou=ppolicies,dc=example,dc=com
objectClass: device
objectClass: extensibleObject
objectClass: pwdPolicy
objectClass: top
cn: default
pwdAttribute: userPassword
pwdAllowUserChange: TRUE
pwdCheckQuality: 1
pwdExpireWarning: 86400
pwdGraceAuthNLimit: 0
pwdInHistory: 4
pwdLockout: TRUE
pwdMaxAge: 31536000
pwdMaxFailure: 3
pwdMinAge: 0
pwdMinLength: 4
pwdMustChange: TRUE
pwdSafeModify: FALSE
--
Clément Oudot | Identity Solutions Manager
clement.oudot(a)worteks.com
Worteks |
https://www.worteks.com
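
Added example, not part of the original messages or of OpenLDAP: per slapo-ppolicy(5), a password on an entry that has no pwdChangedTime does not expire, so the missing attribute discussed in this thread means pwdMaxAge is never enforced for that entry. The Python below audits an LDIF export that includes operational attributes; the function names, the sample data, and the assumption that every user entry carries an explicit pwdPolicySubentry (no default-policy fallback, exact DN string match) are mine.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: DNs and pwdMaxAge follow the thread; the second user,
# the password values and the pwdChangedTime value are made up.
SAMPLE_LDIF = """\
dn: cn=default,ou=ppolicies,dc=example,dc=com
pwdMaxAge: 31536000

dn: uid=testpolicy,ou=users,dc=example,dc=com
pwdPolicySubentry: cn=default,ou=ppolicies,dc=example,dc=com
userPassword: {SSHA256}constructed-placeholder

dn: uid=other,ou=users,dc=example,dc=com
pwdPolicySubentry: cn=default,ou=ppolicies,
 dc=example,dc=com
userPassword: {SSHA256}constructed-placeholder
pwdChangedTime: 20200306164700Z
"""

def parse_ldif(text):
    """Return {dn: {lowercased attribute: [values]}}, unfolding continuation lines."""
    entries = {}
    for block in text.replace("\n ", "").split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):
                name, _, value = line.partition(":")
                attrs.setdefault(name.lower(), []).append(value.lstrip(": "))
        if "dn" in attrs:
            entries[attrs["dn"][0]] = attrs
    return entries

def audit_password_expiry(text):
    """Map each DN holding a userPassword to its expiry time, or None if it never expires."""
    entries = parse_ldif(text)
    report = {}
    for dn, attrs in entries.items():
        if "userpassword" not in attrs:
            continue
        policy = entries.get(attrs.get("pwdpolicysubentry", [""])[0], {})
        max_age = int(policy.get("pwdmaxage", ["0"])[0])
        changed = attrs.get("pwdchangedtime")
        report[dn] = None  # no pwdChangedTime or pwdMaxAge 0: never expires
        if changed and max_age > 0:
            stamp = datetime.strptime(changed[0], "%Y%m%d%H%M%SZ")
            report[dn] = stamp.replace(tzinfo=timezone.utc) + timedelta(seconds=max_age)
    return report

if __name__ == "__main__":
    print(audit_password_expiry(SAMPLE_LDIF))
```

Entries reported with None are the ones to investigate: they have a password and a policy but nothing for the expiry check to measure against.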