5 Replies Latest reply on Jun 17, 2019 6:40 PM by IDAM_EUS

    Can't modify password policy for user(s)

    3710078

      I've created a new password policy based on the default password policy named "Test Password Policy". I would like to change a specific user to this new policy.

      See the steps I've completed below:

       

      Change pwdPolicySubentry to use the our new policy (Test Password Policy):

       

      ldapmodify -h myserver -D "cn=Directory Manager" -W -f AddPasswordPolicytoUser.ldif

       

      Contents of AddPasswordPolicytoUser.ldif (also note that I've tried add instead of replace)

      dn: uid=testuser,ou=people,dc=base

      changetype: modify

      replace: pwdPolicySubentry

      pwdPolicySubentry: cn=Test Password Policy,cn=config

       

      Check to see if the change applied

       

      ldapsearch -h myserver -D "cn=Directory Manager" -b "ou=People,dc=base" -W -s sub "(uid=testuser)" pwdPolicySubentry

       

      response:

      # extended LDIF

      #

      # LDAPv3

      # base <ou=People,dc=base> with scope subtree

      # filter: (uid=testuser)

      # requesting: pwdPolicySubentry

      #

       

      # testuser, people, base

      dn: uid=testuser,ou=people,dc=base

      pwdPolicySubentry: cn=peoplePassPolicy,dc=base

       

      # search result

      search: 2

      result: 0 Success

       

      # numResponses: 2

      # numEntries: 1

       

      As you can see the pwdPolicySubentry is not set to Test Password Policy,cn=config

       

      ldap software info: DSEE11

      Sun Directory Server 11.1.7.171017

       

      Please advise