RE: Implementing password policy
Your example shows only 2 pwdFailureTime entries and your policy indicates "pwdMaxFailure: 3".
- chris
-----Original Message-----
From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Laurent CARON
Sent: Friday, January 06, 2012 11:57 AM
To: openldap-technical@openldap.org
Subject: Implementing password policy
Hi,
I'm currently implementing a password policy on my openldap directory.
Most of it is working (password length, password history). I just can't make the account lockout work.
The attribute pwdAccountLockedTime is never created in my directory.
Entries used for the test:
dn: cn=lcaron_99,ou=ppolicy,dc=local
sn: lcaron_99
pwdCheckQuality: 0
pwdMaxFailure: 3
pwdAllowUserChange: TRUE
pwdInHistory: 10
pwdLockout: TRUE
pwdMinLength: 8
structuralObjectClass: person
pwdExpireWarning: 720000
pwdGraceAuthNLimit: 5
cn: lcaron_99
pwdAttribute: userPassword
objectClass: pwdPolicy
objectClass: person
objectClass: top
pwdMaxAge: 10
pwdFailureCountInterval: 1200
pwdLockoutDuration: 3600
modifyTimestamp: 20120106194803Z

dn: uid=lcaron_99,ou=People,dc=local
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
cn: lcaron_99
sn: lcaron_99
uid: lcaron_99
uidNumber: 4082
gidNumber: 513
homeDirectory: /home/lcaron_99
loginShell: /bin/bash
...samba attributes snipped ...
userPassword:: ...snipped...
pwdPolicySubentry: cn=lcaron_99,ou=ppolicy,dc=local
pwdChangedTime: 20120106193917Z
structuralObjectClass: inetOrgPerson
creatorsName: cn=admin,dc=local
createTimestamp: 20120106193917Z
pwdFailureTime: 20120106193928Z
pwdFailureTime: 20120106194040Z
entryCSN: 20120106194040.970726Z#000000#000#000000
modifiersName:
modifyTimestamp: 20120106194040Z

in slapd.conf:
# Password Policy
overlay ppolicy
Did I miss something obvious?
Thanks
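Added example (not part of the original thread, and not slapd's own code): a simplified Python model of the lockout decision, applied to the attribute values posted above, showing why two pwdFailureTime values do not trigger a lock when pwdMaxFailure is 3. The function names and the "now" timestamps are assumptions; the rule modelled is that failures inside pwdFailureCountInterval are counted against pwdMaxFailure.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: the relevant attributes copied from the two entries in the post.
POLICY_LDIF = """\
pwdLockout: TRUE
pwdMaxFailure: 3
pwdFailureCountInterval: 1200
"""
USER_LDIF = """\
pwdFailureTime: 20120106193928Z
pwdFailureTime: 20120106194040Z
"""

def parse_attrs(ldif):
    """Collect 'attr: value' lines into a dict of lists (multi-valued attributes)."""
    attrs = {}
    for line in ldif.splitlines():
        if ": " in line and not line.startswith("#"):
            name, value = line.split(": ", 1)
            attrs.setdefault(name, []).append(value.strip())
    return attrs

def parse_time(value):
    """Parse GeneralizedTime such as 20120106193928Z, with or without fractional seconds."""
    fmt = "%Y%m%d%H%M%S.%fZ" if "." in value else "%Y%m%d%H%M%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def lockout_state(policy, user, now):
    """Return (failures_counted, failures_needed, should_be_locked)."""
    enabled = policy.get("pwdLockout", ["FALSE"])[0].upper() == "TRUE"
    max_failure = int(policy.get("pwdMaxFailure", ["0"])[0])
    interval = int(policy.get("pwdFailureCountInterval", ["0"])[0])
    failures = [parse_time(v) for v in user.get("pwdFailureTime", [])]
    if interval > 0:  # 0 or absent: failures only clear on a successful bind
        failures = [t for t in failures if now - t <= timedelta(seconds=interval)]
    # pwdMaxFailure of 0 (or absent) means the lockout check is not performed
    locked = enabled and max_failure > 0 and len(failures) >= max_failure
    return len(failures), max_failure, locked

if __name__ == "__main__":
    policy, user = parse_attrs(POLICY_LDIF), parse_attrs(USER_LDIF)
    now = parse_time("20120106194100Z")  # constructed: shortly after the last failure
    print(lockout_state(policy, user, now))
```

To reproduce the check against a live directory, feed it the pwdPolicy entry and the user's operational attributes (requested explicitly, e.g. with "+" in the attribute list of the search).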