Which OpenLDAP version? You can search for the message in source file servers/slapd/overlays/ppolicy.c Reading the comment setting warn = 0 should not happen. Does uid=testuser,ou=domain,dc=org really have a correct 'pwdChanged' attribute value? Ciao, Michael. Ulrich Windl wrote: > Hi! > > Can someone explain what this message is actually saying: > slapd[3990]: ppolicy_bind: Setting warning for password expiry for uid=testuser,ou=domain,dc=org = 0 seconds > > Does this mean a user who mistyped his password before logged in successfully now? > > I saw no change to the LDAP database after this message, so what is changed, and where is it cahnged? Also those "0 seconds" don't match my password policy, which looks like this (still testing): > > -- > objectClass: namedObject > objectClass: pwdPolicy > cn: PP-Default > pwdAttribute: userPassword > pwdMinAge: 30 > pwdMaxAge: 86400000 > pwdInHistory: 3 > pwdCheckQuality: 1 > pwdMinLength: 8 > pwdExpireWarning: 604800 > pwdGraceAuthNLimit: 5 > pwdLockout: TRUE > pwdLockoutDuration: 1800 > pwdMaxFailure: 10 > pwdFailureCountInterval: 1209600 > pwdMustChange: TRUE > pwdAllowUserChange: TRUE > pwdSafeModify: FALSE > -- > > I'm running SLES11 SP3... > > Regards, > Ulrich
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature