Created attachment 396063 [details] Proposed patch to 389-ds-console Description of problem: 389-ds-console ( 389-ds-1.2.jar ) still use double quotes to wrap target DN when creating fine grained password policies. GUI Procedure create nsPwPolicy_CoS,nsPwPolicyContainer and PwPolicyEntry correctly but then fail silently during nsPwTemplateEntry creation. Password policy structure require nsPwTemplateEntry to reference PwPolicyEntry's DN into pwdpolicysubentry attribute, but, double quotes escaping is not accepted by 1.3.6.1.4.1.1466.115.121.1.12 (DN) syntax, enforced on pwdpolicysubentry attribute. If I set nsslapd-syntaxcheck:off on cn=config password policy GUI create nsPwTemplateEntry correctly and policies work fine. Attached is a patch for 389-ds-console to change the way entries CNs are written, it now works accordingly to ns-newpwpolicy.pl syntax thus quoting commas on CN. example: before patch: cn="cn=nsPwPolicyEntry,ou=test,o=example.com",cn=nsPwPolicyContainer,ou=test,o=example.com after patch: cn=cn=nsPwPolicyEntry\,ou=test\,o=example.com,cn=nsPwPolicyContainer,ou=test,o=example.com Version-Release number of selected component (if applicable): 389-ds-base-1.2.5-1.el5 389-ds-console-1.2.0-5.el5 Steps to Reproduce: Ensure nsslapd-syntaxcheck is set to "on", enable fine-grained password policies on Data, create a subtree policy, check if nsPwTemplateEntry is correctly created. Actual results: nsPwTemplateEntry is not present Expected results: nsPwTemplateEntry is present and has pwdpolicysubentry attribute referencing PwPolicyEntry. Additional info: This issue is indirectly referenced by Bug 504817
Fixed with this change: commit 78c50664d6421cc5d0836bb03820680dc2cb7acf Author: Noriko Hosoi <nhosoi> Date: Mon Apr 26 11:03:52 2010 -0700 Update to New DN Format
verified - RHEL 4 version: redhat-ds-base-8.2.0-2010051204.el4dsrv redhat-ds-console-8.2.0-2.el4dsrv ldapsearch -x -h hostname.company.com -p 389 -D "cn=Directory Manager" -w Secret -b "cn=config" | grep syntaxcheck nsslapd-syntaxcheck: on Successfully created global, subtree and user password policies from console.