[Date Prev][Date Next] [Chronological] [Thread] [Top]

Ppolicy issues

To: openldap-technical@openldap.org
Subject: Ppolicy issues
From: Bryan Payne <bpayne@speedfc.com>
Date: Tue, 19 Feb 2008 15:27:21 -0600
User-agent: Thunderbird 2.0.0.6 (X11/20071022)

I have some issues with ppolicy. It seems it recognizes expiration dates (I know this from looking in the logs, but it does not warn the user their password is expiring soon), properly locks out accounts with too many failed logins but it cannot seem to force a password change when pwdReset is set to TRUE, nor does it prevent logins when the password has expired. Any help would be greatly appreciated. I'll post the things of importance below. Please let me know if anything else would help.

[root@ldapserver ~]# ldapsearch -x -LLL cn=default
dn: cn=default,ou=policies,dc=example,dc=com
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: default
pwdAttribute: 2.5.4.35
pwdInHistory: 6
pwdCheckQuality: 1
pwdMinLength: 8
pwdMaxFailure: 4
pwdLockout: TRUE
pwdFailureCountInterval: 0
pwdMustChange: TRUE
pwdSafeModify: FALSE
pwdLockoutDuration: 900
pwdExpireWarning: 432000
pwdGraceAuthNLimit: 1
pwdAllowUserChange: TRUE
pwdMaxAge: 7776000

From slapd.conf
overlay ppolicy
ppolicy_default "cn=default,ou=policies,dc=example,dc=com"
ppolicy_use_lockout

Follow-Ups:
- Re: Ppolicy issues
  - From: Tony Earnshaw <tonni@hetnet.nl>

Prev by Date: Re: Another question concerning the dynlist overlay
Next by Date: Help with SASL/GSSAPI to remote Kerberos server
Index(es):
- Chronological
- Thread