[Date Prev][Date Next] [Chronological] [Thread] [Top]

ppolicy on consumers

To: openldap-technical@openldap.org
Subject: ppolicy on consumers
From: Andrei BÄNARU <abanaru@streamwide.ro>
Date: Thu, 21 Feb 2013 16:21:04 +0200
Organization: StreamWIDE Romania
User-agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20130215 Thunderbird/17.0.3

Hi,

Did anyone manage to get the ppolicy overlay to work on the consumers ?

The user gets the pwdAccountLockedTime attribute on the provider and the consumers. To validate this I use:

[root@opennms ~]# ldapwhoami -x -e ppolicy -D "uid=user1,ou=People,ou=Country1,dc=example,dc=com" -w'password' -h ldap-master.example.com
ldap_bind: Invalid credentials (49); Account locked

ÂÂÂ where ldap-master.example.com is the provider.

[root@opennms ~]# ldapwhoami -x -e ppolicy -D "uid=user1,ou=People,ou=Country1,dc=example,dc=com" -w'password' -h ldap.example.ro
dn:uid=user1,ou=People,ou=Country1,dc=example,dc=com

ÂÂÂ where ldap.example.ro is one of the consumers.

The same issue occurs also on expired passwords.
On the consumer I've used ppolicy_forward_updates and that works like a charm.

Did I miss something vital in the configuration ?

Thx!

-- 
Andrei BÄNARU
Internal Support
CCNA Security, CCIP
StreamWIDE Romania

Prev by Date: N-Way Multimaster with syncrepl and delta-repl -- slapd stops responding
Next by Date: Re: openLDAP is not working with MySQL cluster
Index(es):
- Chronological
- Thread