Hi Apigeeks,
We were trying to reset the password expiry and lockout policies at LDAP. We are on OPDK 14.17.01.05.
We fixed the lockout and maxAge on sysadmin, but for default users in LDAP we were not able to find any objects corresponding to DN "cn=default,ou=pwpolicies,dc=apigee,dc=com".
Below is the LDAP search query we are using on the LDAP node.
ldapsearch -H ldap://localhost:10389 -x -D "cn=manager,dc=apigee,dc=com" -W -b "cn=default,ou=pwpolicies,dc=apigee,dc=com"
This is the output we got from above command:
# extended LDIF
#
# LDAPv3
# base <cn=default,ou=pwpolicies,dc=apigee,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 32 No such object
matchedDN: ou=pwpolicies,dc=apigee,dc=com
# numResponses: 1
The same command works in our dev/uat environments but not in PROD.
The users are able to log in right now, though, so we are not sure if the default CN is configured properly or not.
How can I find the settings for default CN and how can we fix this?
- Thanks
Here are the default settings for that DN:
dn: cn=default,ou=pwpolicies,dc=apigee,dc=com
objectClass: person
objectClass: pwdPolicy
objectClass: top
cn: default
pwdAttribute: userPassword
sn: dummy value
pwdExpireWarning: 604800
pwdInHistory: 3
pwdLockout: TRUE
pwdLockoutDuration: 300
pwdFailureCountInterval: 300
pwdMaxAge: 2592000
pwdMaxFailure: 3
pwdMinLength: 8
You can paste those values into an LDIF file and use ldapadd to insert them:
ldapadd -x -H ldap://localhost:10389 -D cn=manager,dc=apigee,dc=com -W -f default.ldif
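To compare what a node actually returns against the defaults listed in the answer above, here is an added example (not part of the original thread and not Apigee tooling): it reads the LDIF that `ldapsearch -LLL -o ldif-wrap=no` prints for the policy entry and reports each attribute that is missing or different. The function names and the sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example. Expected values are the defaults quoted in the answer above.
EXPECTED="pwdAttribute=userPassword pwdExpireWarning=604800 pwdInHistory=3"
EXPECTED="$EXPECTED pwdLockout=TRUE pwdLockoutDuration=300 pwdFailureCountInterval=300"
EXPECTED="$EXPECTED pwdMaxAge=2592000 pwdMaxFailure=3 pwdMinLength=8"

# policy_drift: read one unwrapped LDIF entry on stdin and print every
# attribute that differs from EXPECTED.
# Exit status: 0 = matches, 1 = drift, 2 = no entry (e.g. "32 No such object").
policy_drift() {
    awk -v expected="$EXPECTED" '
        BEGIN {
            n = split(expected, pairs, " ")
            for (i = 1; i <= n; i++) {
                eq = index(pairs[i], "=")
                name[i] = substr(pairs[i], 1, eq - 1)
                want[name[i]] = substr(pairs[i], eq + 1)
            }
        }
        /^[A-Za-z]+: / {                      # plain "attr: value" lines only
            sep = index($0, ": ")
            got[substr($0, 1, sep - 1)] = substr($0, sep + 2)
        }
        END {
            if (!("dn" in got)) { print "no policy entry returned"; exit 2 }
            for (i = 1; i <= n; i++) {
                a = name[i]
                if (!(a in got)) { print a ": missing (expected " want[a] ")"; bad = 1 }
                else if (got[a] != want[a]) { print a ": found " got[a] ", expected " want[a]; bad = 1 }
            }
            exit bad + 0
        }'
}

# Constructed sample entry (not real output): lockout removed, expiry disabled.
sample_drifted() {
    cat <<'EOF'
dn: cn=default,ou=pwpolicies,dc=apigee,dc=com
pwdAttribute: userPassword
pwdExpireWarning: 604800
pwdInHistory: 3
pwdLockoutDuration: 300
pwdFailureCountInterval: 300
pwdMaxAge: 0
pwdMaxFailure: 3
pwdMinLength: 8
EOF
}
sample_drifted | policy_drift || echo "exit status: $?"
```

On the LDAP node, the input would come from the `ldapsearch` command in the question with `-LLL -o ldif-wrap=no` added, piped into `policy_drift`.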
@Mohammed Zuber Can you run these commands and see if pwpolicy is originally configured for default?
ldapsearch -o ldif-wrap=no -H ldap://localhost:10389 -xLLL -b "cn=config" -D cn=admin,cn=config -W olcOverlay={0}ppolicy
ldapsearch -o ldif-wrap=no -H ldap://localhost:10389 -xLLL -b "ou=pwpolicies,dc=apigee,dc=com" -D cn=manager,dc=apigee,dc=com -W dn
-Thanks