Hi All,
I am using OpenLDAP 2.4.32 on Solaris 10. It seems that pwdMaxAge and pwdExpireWarning are not working. Other policies like pwdInHistory and pwdLockout seem to work fine. I cannot see either an expiry message or an authentication failure in the logs after I wait for the configured time/seconds.
Can somebody help me out with this?
-bash-3.00# ./ldapwhoami -x -D uid=admin,ou=People,dc=example,dc=com -W -e ppolicy
Enter LDAP Password:
ldap_bind: Success (0) (Password expires in 0 seconds)
dn:uid=admin,ou=people,dc=example,dc=com
Here is my configuration.
-bash-3.00# ./ldapsearch -x -b "dc=example,dc=com" "(objectclass=*)"
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# example.com
dn: dc=example,dc=com
objectClass: dcObject
objectClass: domain
dc: example
# roles, example.com
dn: ou=roles,dc=example,dc=com
objectClass: organizationalUnit
ou: roles
# people, example.com
dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people
# admin, people, example.com
dn: uid=admin,ou=people,dc=example,dc=com
objectClass: person
objectClass: inetOrgPerson
cn: admin
displayName: Admin
givenName: admin
mail: admin@example.com
sn: Admin
uid: admin
userPassword:: e1NTSEF9NU1WNHpuTHB2N3ZmSkcvaU44VC85QkNJMWVueU5hcDc=
# utsacct_provisioner, roles, example.com
dn: cn=utsacct_provisioner,ou=roles,dc=example,dc=com
objectClass: groupOfUniqueNames
cn: utsacct_provisioner
uniqueMember: uid=admin,ou=people,dc=example,dc=com
# provisioner, roles, example.com
dn: cn=provisioner,ou=roles,dc=example,dc=com
objectClass: groupOfUniqueNames
cn: provisioner
uniqueMember: uid=admin,ou=people,dc=example,dc=com
# policies, example.com
dn: ou=policies,dc=example,dc=com
ou: policies
objectClass: organizationalUnit
objectClass: top
# default, policies, example.com
dn: cn=default,ou=policies,dc=example,dc=com
cn: default
objectClass: pwdPolicy
objectClass: person
objectClass: top
pwdAllowUserChange: TRUE
pwdAttribute: userPassword
pwdCheckQuality: 2
pwdExpireWarning: 600
pwdFailureCountInterval: 30
pwdGraceAuthNLimit: 5
pwdInHistory: 5
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdMaxAge: 2000
pwdMaxFailure: 5
pwdMinAge: 0
pwdMinLength: 5
pwdMustChange: FALSE
pwdSafeModify: FALSE
sn: dummy value
# search result
search: 2
result: 0 Success
# numResponses: 9
# numEntries: 8
Slapd.conf
---------------------------------
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
overlay ppolicy
ppolicy_default "cn=default,ou=policies,dc=example,dc=com"
ppolicy_use_lockout
ppolicy_hash_cleartext
Regards,
Swapnil
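
A small model of the expiry check that pwdMaxAge, pwdExpireWarning and pwdGraceAuthNLimit feed into, using the values from the cn=default entry above. This is an added example, not part of the original post and not slapd's own code; it follows the password policy draft's rule that an entry with no pwdChangedTime never expires, and `parse_attrs`, `expiry_state` and all timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: expiry-related values copied from the post's policy entry.
POLICY_LDIF = """\
dn: cn=default,ou=policies,dc=example,dc=com
pwdExpireWarning: 600
pwdGraceAuthNLimit: 5
pwdMaxAge: 2000
"""

def parse_attrs(ldif):
    """Parse one unfolded LDIF entry into {attribute: [values]}."""
    attrs = {}
    for line in ldif.splitlines():
        if line and not line.startswith("#") and ": " in line:
            name, value = line.split(": ", 1)
            attrs.setdefault(name, []).append(value)
    return attrs

def expiry_state(policy, user, now):
    """Simplified bind-time expiry decision; returns (state, detail)."""
    max_age = int(policy.get("pwdMaxAge", ["0"])[0])
    warning = int(policy.get("pwdExpireWarning", ["0"])[0])
    grace = int(policy.get("pwdGraceAuthNLimit", ["0"])[0])
    changed = user.get("pwdChangedTime")
    if max_age == 0 or not changed:
        # Without pwdChangedTime (or with pwdMaxAge 0) there is nothing
        # to measure the password's age against, so it never expires.
        return ("never-expires", None)
    changed_at = datetime.strptime(changed[0], "%Y%m%d%H%M%SZ")
    changed_at = changed_at.replace(tzinfo=timezone.utc)
    expires_at = changed_at + timedelta(seconds=max_age)
    remaining = int((expires_at - now).total_seconds())
    if remaining <= 0:
        # Expired: each earlier grace bind is recorded as a pwdGraceUseTime value.
        left = grace - len(user.get("pwdGraceUseTime", []))
        return ("grace", left) if left > 0 else ("expired", 0)
    if warning and remaining <= warning:
        return ("warning", remaining)  # seconds until expiry
    return ("valid", remaining)
```

Feed `expiry_state` the operational attributes of the user entry, which a search only returns when they are requested explicitly (for example by listing `pwdChangedTime` or `+` as the requested attributes).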