[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Operational attribute pwdFailureTime not being added to entries
On Friday 14 March 2008 00:11:57 Ryan Steele wrote:
> Hello,
>
> First let me thank the gracious folks on this list who have lent their
> advice to me on my path towards implementing ppolicy. I'm making
> progress; I can reject new passwords based on password history, and
> reject weak passwords. However, I'm having a bit of a time trying to
> get the lockouts to work. My policy is defined as:
>
> 56 cn=Password Policy,ou=Policies,dc=example,dc=com
> objectClass: top
> objectClass: device
> objectClass: pwdPolicy
> cn: Password Policy
> pwdAttribute: userPassword
> pwdMaxAge: 3888000
> pwdMinLength: 6
> pwdExpireWarning: 432000
> pwdFailureCountInterval: 0
> pwdMustChange: FALSE
> pwdAllowUserChange: TRUE
> pwdSafeModify: TRUE
> pwdLockout: TRUE
> pwdCheckQuality: 1
> pwdGraceAuthNLimit: 0
> pwdInHistory: 6
> pwdLockoutDuration: 60
> pwdMaxFailure: 3
>
>
> However, even after many failure attempts, I see no pwdFailureTime
> attributes in the offending user's entry:
This worked without any complications for me (on various versions of 2.3, most
recently 2.3.34, and currently 2.3.40).
How are you testing?
Regards,
Buchan