Add a so-called "Password Administrators" role to Red Hat Directory Server 9
Issue
- When "user must change pw after reset" is enabled, this is only valid if the "Directory Manager" resets this password. When a different user changes the password, the "reset enforcing" is not activated?
- If users are required to reset their password, only the Directory Manager is authorized to reset the user's password. A regular administrative user cannot force the users to update their password.
- I found the same box in RHDir9.1 documentation. Is this really still a problem? My 389 does not have this problem anymore.
- Can you please check if this will be fixed in RHDir8, is fixed in RHDir9 or will be fixed in RHDir9?
- Password Policy "user must change pw after reset" unusable in RHDIR8
- Previously, only the root DN (e.g. cn=Directory Manager) was allowed to do certain password operations. Such operations included resetting user passwords (forcing the user to reset the password on the next login), changing a user's password to a different storage scheme that is defined in the policy, and adding already hashed passwords.
- They have to implement it due to security policy. Auditing will check if this has been done. Now directory administrators can define a user, or a group of users, who are "Password Administrators", for example helpdesk employees.
Environment
- Red Hat Directory Server (RHDS)