DSEE 6.3.1 password policy issue

811847 Feb 16 2011 — edited Feb 17 2011
We're rolling out a network-wide password policy on both our LDAP and AD environments. The two are synchronized using Identity Synchronization for Windows 6.0. Today, in my test environment, I enabled the password policies that we plan to implement. Since we never had any 5.x directory servers, I set the password policy mode to be Directory Server 6 mode. After configuring everything, I tried changing a user's password in the AD domain, and ISW picked up the change; however, the following error showed up in the ISW audit log:
[16/Feb/2011:16:56:03.957 -0500] FINE    18  CNN100 beer-ds01  "LDAP operation on entry uid=tuser,ou=people,dc=beer,dc=com failed at ldaps://beer-ds01.lab.endeca.com:636, error(53): LDAP server is unwilling to perform ((Password Policy: modify policy entry) "objectClass=passwordPolicy" is not supported in pwdCompat:4 (DS6-mode).)." (Action ID=CNN101-12E30785AA8-1, SN=7)
When I then tried the same password change directly against the directory server using ldapmodify, I saw the same error:
# ldapmodify -D 'cn=directory manager' -w endeca123                      
dn: uid=tuser,ou=people,dc=beer,dc=com
changetype: modify
replace: userpassword
userpassword: !changem3!

modifying entry uid=tuser,ou=people,dc=beer,dc=com
ldap_modify: DSA is unwilling to perform
ldap_modify: additional info: (Password Policy: modify policy entry) "objectClass=passwordPolicy" is not supported in pwdCompat:4 (DS6-mode).
The password policy is:
version: 1
dn: cn=Password Policy,cn=config
objectClass: top
objectClass: ldapsubentry
objectClass: pwdPolicy
objectClass: sunPwdPolicy
cn: Password Policy
pwdAttribute: userPassword
passwordStorageScheme: CRYPT
pwdAllowUserChange: TRUE
pwdSafeModify: FALSE
passwordRootdnMayBypassModsChecks: off
pwdInHistory: 10
pwdMinAge: 86400
pwdCheckQuality: 2
pwdMinLength: 6
pwdMustChange: FALSE
pwdMaxAge: 15552000
pwdExpireWarning: 86400
pwdGraceAuthNLimit: 0
pwdKeepLastAuthTime: FALSE
pwdLockout: TRUE
pwdMaxFailure: 5
pwdFailureCountInterval: 1800
pwdIsLockoutPrioritized: TRUE
pwdLockoutDuration: 1800
I'm at a complete loss as to what is causing this problem and am not sure what steps to take to figure out how to fix it. Can anyone offer some help?