|
> On 06/01/2012 21:29, Chris Jacobs wrote:
> > Your example shows only 2 pwdFailureTime entries and your policy indicates "pwdMaxFailure: 3". > > > > Hi Chris, > > No matter how many failed attempts I make, it never appears as locked: > > I now have: > pwdFailureTime: 20120106193928Z > pwdFailureTime: 20120106194040Z > pwdFailureTime: 20120107112658Z > pwdFailureTime: 20120107112705Z > > and still no pwdAccountLockedTime. > > Is anybody observing the same behavior ? > Your initial mail does not show a 'ppolicy_default' in slapd.conf. I believe you need to create a default ppolicy entry in LDAP, and specify it in slapd.conf: # Password Policy overlay ppolicy ppolicy_default "cn=default,ou=ppolicy,dc=local" Without the default, or if you want a user to use something other than default, you'll need to manually set the pwdPolicySubentry for the user. In you case: dn: uid=lcaron_99,ou=People,dc=local changetype: modify replace: pwdPolicySubentry pwdPolicySubentry: cn=lcaron_99,ou=ppolicy,dc=local ~/joe |