[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4134) pwdFailureTime entries not deleted after successful BIND

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#4134) pwdFailureTime entries not deleted after successful BIND
From: hyc@symas.com
Date: Thu, 3 Nov 2005 19:56:31 GMT

stran@amnh.org wrote:
> Just built and installed HEAD.
>
> After 'pwdMaxFailure' failed binds the user account is locked. Resetting
> the password deletes the attributes pwdAccountLockedTime and
> pwdFailureTime.
>
>   
OK, good.

> However if I intentionally failed a bind once and then do a successful
> bind, the pwdFailureTime is not deleted as described in man
> slapo-ppolicy.
>   
That works for me, has been working for a long time. Try running slapd 
with debug -d7 and do the binds. You should see an internal modify 
operation with each bind, to update these attributes. Make sure they end 
with "send_ldap_result: err=0" or find out what error they're getting, 
if any.

-- 
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/

Prev by Date: Re: (ITS#4117) slapd-ldap killed by a broken client
Next by Date: (ITS#4139) ./scripts/relay: line 374: 17893 Segmentation fault $SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING >$LOG1
Index(es):
- Chronological
- Thread