[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Operational attribute pwdFailureTime not being added to entries



On Friday 14 March 2008 00:11:57 Ryan Steele wrote:
> Hello,
>
> First let me thank the gracious folks on this list who have lent their
> advice to me on my path towards implementing ppolicy.  I'm making
> progress; I can reject new passwords based on password history, and
> reject weak passwords.  However, I'm having a bit of a time trying to
> get the lockouts to work.  My policy is defined as:
>
> 56 cn=Password Policy,ou=Policies,dc=example,dc=com
> objectClass: top
> objectClass: device
> objectClass: pwdPolicy
> cn: Password Policy
> pwdAttribute: userPassword
> pwdMaxAge: 3888000
> pwdMinLength: 6
> pwdExpireWarning: 432000
> pwdFailureCountInterval: 0
> pwdMustChange: FALSE
> pwdAllowUserChange: TRUE
> pwdSafeModify: TRUE
> pwdLockout: TRUE
> pwdCheckQuality: 1
> pwdGraceAuthNLimit: 0
> pwdInHistory: 6
> pwdLockoutDuration: 60
> pwdMaxFailure: 3
>
>
> However, even after many failure attempts, I see no pwdFailureTime
> attributes in the offending user's entry:

This worked without any complications for me (on various versions of 2.3, most 
recently 2.3.34, and currently 2.3.40).

How are you testing?

Regards,
Buchan