ltb-project / service-desk

Application for support team who need to check and reset user passwords
https://service-desk.readthedocs.io/
GNU General Public License v3.0

The service desk does not show that the password has expired, use non-ldap management users #33

Closed ilanni2460 closed 3 years ago

ilanni2460 commented 3 years ago

Recently, a problem was discovered in the process of using the service desk. The service desk does not show that the password has expired when using non-ldap management users.

If you use the ldap administrator user to query the account, it can show that the account password has expired on the web page:

[screenshot 1]

If you use ldap as a non-administrator user, and you can query the account, it cannot show that the account password has expired on the web page:

[screenshot 2]

The content of the service desk configuration file is as follows:

[screenshot 3: service desk configuration file]

ilanni2460 commented 3 years ago

@coudot need you

coudot commented 3 years ago

It should mean that your non administrator account cannot read the ppolicy entry, so can't check if the password has expired or not. Adapt your ACL.

ilanni2460 commented 3 years ago

@coudot If I use this non administrator account, the pwdChangedTime field of the account can be queried through the ldapsearch command, and this account has permission to access this password policy.

https://s3.ax1x.com/2020/12/30/rLRCM6.png

coudot commented 3 years ago

Check that the account can read pwdMaxAge value of the ppolicy entry.

ilanni2460 commented 3 years ago

@coudot Yes, what you said is very correct. It is indeed because this account does not have permission to query the pwdMaxAge field. Now it is ok to re-adjust the ACL policy for this account. Thank you very much, you are so awesome. The ACL:

```
olcAccess: {6} to dn.subtree="cn=default,ou=policies,dc=ilanni,dc=com" by dn.children="cn=security_account,ou=policies,dc=ilanni,dc=com" read by * none
```
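The failure mode in this thread is that a bind which cannot read `pwdMaxAge` from the ppolicy entry gets no value back at all, and an expiry check that treats a missing value as "not expired" silently hides the expired state. The following added example (not code from service-desk) computes expiry from `pwdChangedTime` and `pwdMaxAge` the way ppolicy defines it and reports "unknown" instead of "valid" when the policy attribute is unreadable; the attribute dictionaries and timestamps are constructed sample data.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data: the same user entry as seen through two binds.
# pwdChangedTime is an LDAP GeneralizedTime on the user entry; pwdMaxAge is
# the seconds value from the ppolicy entry (e.g. cn=default,ou=policies,...).
ADMIN_VIEW = {
    "pwdChangedTime": "20200601120000Z",
    "pwdMaxAge": "7776000",          # 90 days, readable thanks to the ACL
}
# A bind whose ACL denies the ppolicy subtree simply gets no pwdMaxAge back.
RESTRICTED_VIEW = {
    "pwdChangedTime": "20200601120000Z",
    "pwdMaxAge": None,
}


def parse_generalized_time(value: str) -> datetime:
    """Parse the UTC GeneralizedTime form (YYYYMMDDHHMMSSZ) used by pwdChangedTime."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def password_status(attrs: dict, now: str) -> str:
    """Return 'expired', 'valid', 'never' or 'unknown' for the entry at time `now`.

    'unknown' is the case behind this issue: when pwdMaxAge cannot be read
    (ACL problem) the caller must not assume the password is still valid.
    """
    changed = attrs.get("pwdChangedTime")
    max_age = attrs.get("pwdMaxAge")
    if changed is None or max_age is None:
        return "unknown"
    max_age_s = int(max_age)
    if max_age_s == 0:              # ppolicy: pwdMaxAge 0 means never expires
        return "never"
    expires_at = parse_generalized_time(changed) + timedelta(seconds=max_age_s)
    return "expired" if parse_generalized_time(now) >= expires_at else "valid"


if __name__ == "__main__":
    # Date of the thread, constructed for the demonstration.
    check_time = "20201230000000Z"
    for label, view in (("admin bind", ADMIN_VIEW), ("restricted bind", RESTRICTED_VIEW)):
        print(f"{label}: {password_status(view, check_time)}")
```

Running it shows the admin bind reporting "expired" while the restricted bind reports "unknown", which is the signal an operator needs to go and fix the ACL rather than trusting a blank result.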