
Re: ppolicy overlay password problem



The test022 script in the bundled test suite specifically tests for authentication using an incorrect password, and this test works correctly in my 2.3.11 build. As such, I do not believe there is any bug in OpenLDAP software here. You should check whatever software you're using to "login."

Baoning Pan wrote:
Hi,

I need help with ppolicy, as this is the first time I have tried to use it for company internal use. I searched the mailing list and the web and cannot find the same problem.

I compiled openldap 2.3.11 on Solaris 8, with bdb.4.3.29 and openssl.0.9.7g. First I started slapd without ppolicy, and things worked fine. Then I added the ppolicy overlay/schema. slapd started/loaded fine. But I have a big problem with user passwords: a user can log in with "ANY WORD" as the password, even though I can see a new "pwdFailureTime" entry is added to the ldap db for that user.

Thanks.


Here are the ppolicy related entries/ldif for my slapd.conf

include         /usr/local/openldap/etc/openldap/schema/ppolicy.schema
overlay         ppolicy
ppolicy_default "cn=Standard Policy,ou=Policies,dc=n2p,dc=com"
ppolicy_use_lockout


dn: ou=Policies,dc=n2p,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Policies
structuralObjectClass: organizationalUnit

dn: cn=Standard Policy,ou=Policies,dc=n2p,dc=com
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: Standard Policy
pwdAttribute: userPassword
pwdLockoutDuration: 120
pwdInHistory: 5
pwdCheckQuality: 2
pwdExpireWarning: 86400
pwdMaxAge: 864000
pwdMinLength: 5
pwdGraceAuthNLimit: 5
pwdAllowUserChange: TRUE
pwdMustChange: FALSE
pwdMaxFailure: 3
pwdFailureCountInterval: 120
pwdSafeModify: FALSE
structuralObjectClass: device




--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/
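
Added example (not part of the original message and not from the OpenLDAP test suite): one way to separate the server from the login software, as the reply suggests, is to bind directly with ldapwhoami, once with the real password as a control and once with a password that cannot be right. The function name check_bind and its verdict strings are made up for this example; it assumes the OpenLDAP client tools are on PATH.

```shell
#!/bin/sh
# check_bind URI BIND_DN PASSWORD_FILE
#   PASSWORD_FILE holds the user's real password with no trailing newline
#   (ldapwhoami -y uses the complete file contents as the password).
# Prints one verdict and returns:
#   0  server-rejects-bad-password  (slapd is fine, look at the login software)
#   1  server-accepts-bad-password  (the directory itself accepts a wrong password)
#   2  inconclusive                 (the control bind failed: wrong URI, DN,
#                                    password, or the account is locked)
check_bind() {
    cb_uri=$1
    cb_dn=$2
    cb_pwfile=$3

    # Control: the real password must bind. Without this, a failed probe
    # could simply mean the server is unreachable.
    if ! ldapwhoami -x -H "$cb_uri" -D "$cb_dn" -y "$cb_pwfile" >/dev/null 2>&1; then
        echo inconclusive
        return 2
    fi

    # Probe: a simple bind with a password that is certainly wrong.
    # It is not a secret, so passing it with -w is acceptable here.
    cb_bogus="definitely-wrong-$$"
    if ldapwhoami -x -H "$cb_uri" -D "$cb_dn" -w "$cb_bogus" >/dev/null 2>&1; then
        echo server-accepts-bad-password
        return 1
    fi

    echo server-rejects-bad-password
    return 0
}

# Run stand-alone as: sh check_bind.sh URI BIND_DN PASSWORD_FILE
if [ "$#" -eq 3 ]; then
    check_bind "$@"
fi
```

Each probe is a real failed bind, so it adds a pwdFailureTime value and counts toward pwdMaxFailure (3 in the policy quoted above); run it against a test account.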