Hi,
I need help on ppolicy as this is the first time I try to use it for company internal use. I search the mail listing and web and cannot find same problem.
I compiled openldap 2.3.11 on Solaris 8, with bdb.4.3.29 and openssl.0.9.7g. First I started slapd without ppolicy, and things works fine. Then, I added ppolicy overlay/schema. slapd started/loaded fine. But I get big problem with user password, user can login with "ANY WORD" as its password even though I can see new "pwdFailureTime" entry is added to ldap db for that user.
Thanks.
Here are the ppolicy related entries/ldif for my slapd.conf
include /usr/local/openldap/etc/openldap/schema/ppolicy.schema
overlay ppolicy
ppolicy_default "cn=Standard Policy,ou=Policies,dc=n2p,dc=com"
ppolicy_use_lockout
dn: ou=Policies,dc=n2p,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Policies
structuralObjectClass: organizationalUnit
dn: cn=Standard Policy,ou=Policies,dc=n2p,dc=com
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: Standard Policy
pwdAttribute: userPassword
pwdLockoutDuration: 120
pwdInHistory: 5
pwdCheckQuality: 2
pwdExpireWarning: 86400
pwdMaxAge: 864000
pwdMinLength: 5
pwdGraceAuthNLimit: 5
pwdAllowUserChange: TRUE
pwdMustChange: FALSE
pwdMaxFailure: 3
pwdFailureCountInterval: 120
pwdSafeModify: FALSE
structuralObjectClass: device