[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Ppolicy DIGEST-MD5 ignore expired password
Have a nice day.
I have to implement password policy in our OpenLdap. During testing futures
of ppolicy module I found that they ignore expired password when I authenticate
user by SASL DIGEST-MD5.
When I try on exprired account:
ldapwhoami -xD "cn=Kokos Velky,ou=TestUsers,ou=People,o=Ceske drahy,c=CZ"
the answer is: ldap_bind: Invalid credentials (49)
and in slapd log:
ppolicy_bind: Entry cn=Kokos Velky,ou=TestUsers,ou=People,o=Ceske
drahy,c=CZ has an expired password: 0 grace logins
But when I try
ldapwhoami -Y DIGEST-MD5 -U kokos1
the answer is
SASL/DIGEST-MD5 authentication started
SASL username: kokos1
SASL SSF: 128
SASL installing layers
dn:cn=kokos velky,ou=testusers,ou=people,o=ceske drahy,c=cz
Result: Success (0)
In slapd.conf I have
sasl-regexp
uid=(.*),cn=digest-md5,cn=auth
"ldap:///o=Ceske drahy,c=CZ??sub?(&(uid=$1)(|(objectClass=inetOrgPerson)
(objectClass=applicationProcess)))"
What I am doing wrong?
Many thanks for advice.
Jiri Netolicky