Subject: Re: Schema-Compliant Issues -- OpenDJ
Author: eLDAP
In response to: Schema-Compliant Issues -- OpenDJ
Posted on: 11/15/2011 06:08:47 PM
For encoded password issue, OpenDS cannot verify that pre-encrypted password matches the password policy and therefore rejects them by default, with the following error : LDAP: error code 53 - Pre-encoded passwords are not allowed for the password attribute userPassword.
To allow pre-encrypted passwords, the default password policy settings must be changed, and the advanced property "allow-pre-encoded-passwords" set to "true". Use "dsconfig --advanced" to see the advanced properties or open policy cn=Default Password Policy,cn=Password Policies,cn=config to change it.
>
> On 10/20/2011 03:35:28 PM eLDAP wrote:
Even with the "schema-check" being set as "false", OpenDJ does not allow the followings:
1) To modify/add NO-USER-MODIFICATION attributes
"Entry xxx cannot be added because it
includes attribute xxx which is defined as NO-USER-MODIFICATION in the
server schema"
2) To add not-defined or obsolete objectclasses
"Object class xxx cannot be added to entry xxx because that class is not defined in the Directory Server schema"
3) To modify/add encoded passwords
"Pre-encoded passwords are not allowed for the password attribute xxx"
References:
