[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy woes

To: openldap-technical@openldap.org
Subject: Re: ppolicy woes
From: Jeroen van Aart <kroshka@atypon.com>
Date: Fri, 18 Jul 2008 14:09:45 -0700
In-reply-to: <4880C9F7.7070700@jhuapl.edu>
References: <4880C9F7.7070700@jhuapl.edu>
User-agent: Icedove 1.5.0.14eol (X11/20080509)

Robert Evans wrote:

If I include the ACL access part in the slapd.conf file (shown below),
I can't ssh into a client that is using the server to authenticate.
If I remove the access section, I can connect just fine, but then it
authenticates me even though an ldapsearch with the -e ppolicy flag
shows "ldap_bind: Invalid credentials (49); Account locked"

Haven't really checked if your configuration is valid, but I assume it is. I have had problems getting anything to properly obey ppolicy (so with most things you probably have to adapt it by hand). The closest thing to obeying it was ssh, but even then it seemed to be a hit and miss affair.

If you use pam, did you add "pam_lookup_policy yes" anywhere?

Greetings,
Jeroen

References:
- ppolicy woes
  - From: Robert Evans <bob.evans@jhuapl.edu>

Prev by Date: ppolicy woes
Next by Date: BDB selection, et al.
Index(es):
- Chronological
- Thread