DSfW: Default Password Policy is missing

  • 7015573
  • 22-Aug-2014
  • 22-Aug-2014

Environment

Novell Open Enterprise Server 11 SP2 (OES 11SP2) Linux
Novell Open Enterprise Server 11 SP1 (OES 11SP1) Linux
Domain Services for Windows
DSFW

Situation

Default Password Policy is missing
Password policy for cn=computers is missing
Password policy for ou=domain controllers is missing
Deleted Default Password Policy
Modified Default Password Policy

Resolution

Import the password policy from the default LDIF file, /var/opt/novell/xad/ds/domain/computer-container-policy.ldif

The first DSfW server in the tree will have a set of LDIF files used to create and configure the domain. In most instances where an object is deleted, applying the related LDIF files will restore the objects and their configuration.

For this issue, /var/opt/novell/xad/ds/domain/computer-container-policy.ldif is the file that creates the password policy and applies it to the necessary containers, which are CN=Computers and OU=Domain Controllers.

To apply the LDIF, use ldapadd with -c (continue on error), -Y EXTERNAL, and -f (the file to apply). To use -Y EXTERNAL, LDAPCONF must be exported on the DSfW server; otherwise use -x -D cn=admin,o=novell -W instead.
See TID 7003070 for more information on LDAP operations on a DSfW server.

Example:
export LDAPCONF=/etc/opt/novell/xad/openldap/ldap.conf
ldapadd -c -Y EXTERNAL -f /var/opt/novell/xad/ds/domain/computer-container-policy.ldif

Cause

The Default Password Policy was deleted.

Additional Information

If you get the following error:
ldap_add: Already exists (68)
additional info: NDS error: entry already exists (-606)

This means the object is already present; because of -c, ldapadd continues past the error to the next entry, which modifies the cn=computers container.

If your system does not have this file, create the file and copy in the contents, changing all instances of o=novell to the correct context for your directory.

Example of the /var/opt/novell/xad/ds/domain/computer-container-policy.ldif:

dn: CN=Default Password Policy,CN=Password Policies,CN=System,o=novell
changetype: add
objectClass: nspmPasswordPolicy
nspmConfigurationOptions: 832
passwordExpirationInterval: 3628800
nspmAdminsDoNotExpirePassword: TRUE
nspmSpecialCharactersAllowed: TRUE
nspmNumericCharactersAllowed: TRUE
nspmLowerAsLastCharacter: TRUE
nspmLowerAsFirstCharacter: TRUE
nspmExtendedCharactersAllowed: TRUE
nspmCaseSensitive: FALSE
nspmSpecialAsLastCharacter: TRUE
nspmSpecialAsFirstCharacter: TRUE
nspmNumericAsLastCharacter: TRUE
nspmNumericAsFirstCharacter: TRUE
passwordUniqueRequired: FALSE
loginGraceLimit: 6
passwordAllowChange: TRUE
nsimAssignments: cn=Computers,o=novell

dn: CN=Computers,o=novell
changetype: modify
replace: nspmPasswordpolicyDN
nspmPasswordpolicyDN: cn=Default Password Policy,cn=Password Policies,cn=System,o=novell

dn: OU=Domain Controllers,o=novell
changetype: modify
replace: nspmPasswordpolicyDN
nspmPasswordpolicyDN: cn=Default Password Policy,cn=Password Policies,cn=System,o=novell
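
Because ldapadd -c keeps going after a failed entry, a hand-edited copy of this file is worth checking before import. The following is an added example, not part of the original TID or Novell's tooling: it rewrites o=novell to your context and confirms that each nspmPasswordpolicyDN value points at a policy entry the same file adds. The function names and the context dc=example,dc=com are assumptions.

```shell
# Added example, not from the TID; dc=example,dc=com is an assumed context.
# rebase_ldif CONTEXT: stdin to stdout, replacing every literal "o=novell" with
# CONTEXT (plain string replace, so "&" or "\" in a DN pass through untouched).
rebase_ldif() {
    NEW_CTX="$1" awk '{
        out = ""; line = $0
        while ((i = index(line, "o=novell")) > 0) {
            out = out substr(line, 1, i - 1) ENVIRON["NEW_CTX"]
            line = substr(line, i + 8)
        }
        print out line
    }'
}

# check_policy_refs: LDIF on stdin; fails unless every nspmPasswordpolicyDN value
# names an entry the same file adds (DN comparison is case-insensitive).
check_policy_refs() {
    awk '
    /^dn: /                   { dn = tolower(substr($0, 5)) }
    /^changetype: add$/       { added[dn] = 1 }
    /^nspmPasswordpolicyDN: / { ref[tolower(substr($0, 23))] = 1; n++ }
    END {
        bad = (n == 0)
        for (r in ref) if (!(r in added)) { print "unresolved: " r; bad = 1 }
        exit bad
    }'
}

# Abbreviated copy of this page's template (demo input only, not for import).
sample_template() {
    cat <<'EOF'
dn: CN=Default Password Policy,CN=Password Policies,CN=System,o=novell
changetype: add
objectClass: nspmPasswordPolicy
nsimAssignments: cn=Computers,o=novell

dn: CN=Computers,o=novell
changetype: modify
replace: nspmPasswordpolicyDN
nspmPasswordpolicyDN: cn=Default Password Policy,cn=Password Policies,cn=System,o=novell

dn: OU=Domain Controllers,o=novell
changetype: modify
replace: nspmPasswordpolicyDN
nspmPasswordpolicyDN: cn=Default Password Policy,cn=Password Policies,cn=System,o=novell
EOF
}

sample_template | rebase_ldif 'dc=example,dc=com' | check_policy_refs && echo "references consistent"
```

For a real import, feed the full template through rebase_ldif into a new file, run check_policy_refs on that file, then apply it with the ldapadd command shown in the Resolution section.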