[Bug 345965] New: yast ldap - Password Policy
https://bugzilla.novell.com/show_bug.cgi?id=345965

Summary: yast ldap - Password Policy
Product: openSUSE 10.3
Version: Final
Platform: Other
OS/Version: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: YaST2
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: alofflambas@gmail.com
QAContact: jsrain@novell.com
Found By: ---

I have been trying to test to create a 'Password Policy' without getting it into the LDAP database.

Error message from YaST:
There was a problem with writing data to the LDAP server.
Invalid syntax
objectclass: value #0 invalid per syntax
see y2log for more info

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=345965
User mmrazik@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=345965#c1
Martin Mrazik
https://bugzilla.novell.com/show_bug.cgi?id=345965
User alofflambas@gmail.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=345965#c2
Andreas Pedersen
https://bugzilla.novell.com/show_bug.cgi?id=345965
Martin Mrazik
https://bugzilla.novell.com/show_bug.cgi?id=345965
User jsuchome@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=345965#c3
Jiří Suchomel
https://bugzilla.novell.com/show_bug.cgi?id=345965
User jsuchome@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=345965#c4
Jiří Suchomel
Ralf, how can I detect that policies are enabled on the server?

You could check the Schema if the "pwdpolicy" Objectclass is defined. That does not give a 100% accurate result, but should be good enough. (The server might have
https://bugzilla.novell.com/show_bug.cgi?id=345965
User rhafer@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=345965#c5
Ralf Haferkamp
Should client disable adding new policies when server doesn't have their support or should it rather change the server configuration?

The client should not change the server configuration. In many cases you can't even do that. As the LDAP Server runs on a different machine than the yast2-ldap-client module.

What needs to be done from client side if the "support" is currently missing?

You should inform the user about that and check the "pam_lookup_policy" value in /etc/ldap.conf.
https://bugzilla.novell.com/show_bug.cgi?id=345965
User jsuchome@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=345965#c6
Jiří Suchomel
What needs to be done from client side if the "support" is currently missing? You should inform the user about that and check the "pam_lookup_policy" value in /etc/ldap.conf.

I don't understand. If client should not change the server configuration (as stated above), then it should probably not even edit ldap.conf regarding the LDAP policy, right?

We are in the situation where there is still no support at server side. I assume that the client should just disable the widgets for editing password policy objects (+ maybe inform user to configure it on server), right?
https://bugzilla.novell.com/show_bug.cgi?id=345965
User rhafer@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=345965#c7
Ralf Haferkamp
(In reply to comment #5 from Ralf Haferkamp)
What needs to be done from client side if the "support" is currently missing? You should inform the user about that and check the "pam_lookup_policy" value in /etc/ldap.conf.

I don't understand. If client should not change the server configuration (as stated above), then it should probably not even edit ldap.conf regarding the LDAP policy, right?

I probably misunderstood the original question, but I thought the client was already configured to handle password policies and then something on the server was changed. (In that case it would make sense to inform the user about the fact that there seems to be a misconfiguration.) During the initial setup I agree: if the client detects that the server does not support ppolicy, it should not change the ldap.conf regarding ppolicy.

We are in the situation where there is still no support at server side. I assume that the client should just disable the widgets for editing password policy objects (+ maybe inform user to configure it on server), right?

Yep.
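The client-side check discussed in comments #5 to #7, as an added example that is not part of the bug report or of YaST's code: it looks for the "pwdPolicy" object class in objectClasses values from the server's subschema and reads "pam_lookup_policy" from ldap.conf text, then picks the action the thread settles on. The sample schema values, the ldap.conf contents, the function names and the returned action strings are constructed for illustration, and treating only "yes" as enabled is an assumption.

```python
import re

# Constructed sample data (not from the bug report): objectClasses values as a
# subschema subentry would return them, and two pam_ldap-style ldap.conf texts.
SCHEMA_WITH_PPOLICY = [
    "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) )",
    "( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP top AUXILIARY "
    "MUST pwdAttribute )",
]
SCHEMA_WITHOUT_PPOLICY = SCHEMA_WITH_PPOLICY[:1]
LDAP_CONF_ON = "# constructed\nhost ldap.example.com\npam_lookup_policy yes\n"
LDAP_CONF_OFF = "host ldap.example.com\n#pam_lookup_policy yes\n"


def defined_object_classes(object_classes):
    """Return the lower-cased names declared in RFC 4512 objectClasses values."""
    names = set()
    for value in object_classes:
        # NAME is either one quoted name or a parenthesised list of them.
        m = re.search(r"\bNAME\s+(?:'([^']+)'|\(\s*((?:'[^']+'\s*)+)\))", value)
        if m:
            raw = m.group(1) or m.group(2)
            names.update(n.lower() for n in re.findall(r"[^'\s]+", raw))
    return names


def pam_lookup_policy_enabled(conf_text):
    """True if an uncommented 'pam_lookup_policy yes' line is present."""
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == "pam_lookup_policy":
            return parts[1].lower() == "yes"  # assumption: only "yes" enables
    return False


def policy_ui_decision(object_classes, conf_text):
    """Pick the client action; the client never edits server config or ldap.conf."""
    # Schema presence is a heuristic, "not 100% accurate" per comment #5.
    if "pwdpolicy" in defined_object_classes(object_classes):
        return "enable-widgets"
    if pam_lookup_policy_enabled(conf_text):
        # Client already expects policies but the schema lacks pwdPolicy.
        return "disable-widgets-and-warn-misconfiguration"
    return "disable-widgets-and-inform-user"
```
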
https://bugzilla.novell.com/show_bug.cgi?id=345965
Jiří Suchomel
https://bugzilla.novell.com/show_bug.cgi?id=345965
User jsuchome@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=345965#c8
--- Comment #8 from Jiří Suchomel
https://bugzilla.novell.com/show_bug.cgi?id=345965
User jsuchome@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=345965#c9
Jiří Suchomel