LDAP resetting password expiry and lockout settings

Hi Apigeeks,

We were trying to reset the password expiry and lockout policies at LDAP. We are on OPDK 14.17.01.05.

We fixed the lockout and maxAge on sysadmin, but for default users in LDAP we were not able to find any object corresponding to the DN "cn=default,ou=pwpolicies,dc=apigee,dc=com".

Below is the LDAP search query we are using on the LDAP node.

ldapsearch -H ldap://localhost:10389 -x -D "cn=manager,dc=apigee,dc=com" -W -b "cn=default,ou=pwpolicies,dc=apigee,dc=com"

This is the output we got from the above command:

# extended LDIF
#
# LDAPv3
# base <cn=default,ou=pwpolicies,dc=apigee,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object
matchedDN: ou=pwpolicies,dc=apigee,dc=com

# numResponses: 1

The same command works in our dev/uat environments but not in PROD.

The users are able to log in right now, though, so we are not sure whether the default CN is configured properly or not.

How can I find the settings for the default CN, and how can we fix this?

- Thanks

ACCEPTED SOLUTION

Here are the default settings for that DN:

dn: cn=default,ou=pwpolicies,dc=apigee,dc=com
objectClass: person
objectClass: pwdPolicy
objectClass: top
cn: default
pwdAttribute: userPassword
sn: dummy value
pwdExpireWarning: 604800
pwdInHistory: 3
pwdLockout: TRUE
pwdLockoutDuration: 300
pwdFailureCountInterval: 300
pwdMaxAge: 2592000
pwdMaxFailure: 3
pwdMinLength: 8

You can paste those values into an LDIF file and use ldapadd to insert them:

ldapadd -H ldap://localhost:10389 -D cn=manager,dc=apigee,dc=com -W -f default.ldif
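An added offline check, not code from the thread or from Apigee, that parses ldapsearch output and reports whether cn=default exists and whether its values are at least as strict as the defaults above; it uses the LDAP result code (32 = noSuchObject, as in the question) to tell a missing entry apart from an empty one. The MINIMUMS thresholds and both sample strings are my own construction.

```python
POLICY_DN = "cn=default,ou=pwpolicies,dc=apigee,dc=com"
# Lowest acceptable values (my thresholds, derived from the answer's defaults).
MINIMUMS = {"pwdMaxFailure": 1, "pwdMinLength": 8, "pwdInHistory": 1,
            "pwdMaxAge": 1, "pwdLockoutDuration": 1}

# Constructed samples: the "No such object" result from the question, and an
# entry shaped like the accepted answer's LDIF, both as ldapsearch prints them.
MISSING_OUTPUT = ("# search result\nsearch: 2\nresult: 32 No such object\n"
                  "matchedDN: ou=pwpolicies,dc=apigee,dc=com\n")
DEFAULT_ENTRY = ("dn: %s\nobjectClass: pwdPolicy\ncn: default\npwdLockout: TRUE\n"
                 "pwdLockoutDuration: 300\npwdMaxAge: 2592000\npwdMaxFailure: 3\n"
                 "pwdMinLength: 8\npwdInHistory: 3\n\nresult: 0 Success\n" % POLICY_DN)

def parse_ldif(text):
    """Return (entries, result_code) from ldapsearch output. The code (0 ok,
    32 noSuchObject) tells a missing base DN apart from an empty result.
    Handles plain 'attr: value' lines only (no base64 '::' or line folding)."""
    entries, current, code = [], {}, 0
    for line in text.splitlines():
        if line.startswith("#"):          # extended-LDIF comment
            continue
        if not line.strip():              # blank line ends an entry
            if current:
                entries.append(current)
                current = {}
            continue
        key, _, value = line.partition(": ")
        if key == "result":
            code = int(value.split()[0])  # "32 No such object" -> 32
        elif key not in ("search", "matchedDN"):
            current.setdefault(key, []).append(value)
    if current:
        entries.append(current)
    return entries, code

def audit_policy(text):
    """Return ("missing" | "weak" | "ok", findings) for the default policy."""
    entries, code = parse_ldif(text)
    policy = next((e for e in entries if e.get("dn") == [POLICY_DN]), None)
    if policy is None:
        return "missing", [f"result code {code}: {POLICY_DN} not found"]
    findings = []
    if policy.get("pwdLockout") != ["TRUE"]:
        findings.append("pwdLockout is not TRUE: failed binds never lock the account")
    for attr, floor in MINIMUMS.items():
        values = policy.get(attr)
        if not values or int(values[0]) < floor:
            findings.append(f"{attr} is missing or below {floor}")
    return ("weak" if findings else "ok"), findings
```

Feed it the output of the ldapsearch from the question (or of `ldapsearch -LLL ... -b "cn=default,ou=pwpolicies,dc=apigee,dc=com"`) and a "missing" result means the LDIF above still needs to be added with ldapadd.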


@Mohammed Zuber Can you run these commands and see whether pwpolicy was originally configured for default?

ldapsearch -o ldif-wrap=no -H ldap://localhost:10389 -xLLL -b "cn=config" -D cn=admin,cn=config -W "(olcOverlay={0}ppolicy)"

ldapsearch -o ldif-wrap=no -H ldap://localhost:10389 -xLLL -b "ou=pwpolicies,dc=apigee,dc=com" -D cn=manager,dc=apigee,dc=com -W "(objectClass=*)" dn

-Thanks