https://bugs.openldap.org/show_bug.cgi?id=9156
--- Comment #3 from David Coutadeur david.coutadeur@gmail.com ---
Hello,
I have made some new tests on the OpenLDAP master branch. For information, I had to fix a typo before it would compile: the manpage of the pbkdf2 overlay was not correctly written in contrib/slapd-modules/passwd/pbkdf2/Makefile:
```
MANPAGES = slapd-pw-pbkdf2.5
```
should be:
```
MANPAGES = slapo-pw-pbkdf2.5
```
Here are the things I have basically tested:
- pwdMaxLength: OK
- pwdLastSuccess, pwdMaxIdle: KO: the user is able to authenticate after the pwdMaxIdle delay. Also, the pwdLastSuccess is never written (see https://tools.ietf.org/html/draft-behera-ldap-password-policy-10#section-5.3...). For information, I have enabled lastbind. The slapo-ppolicy man page does not mention pwdLastSuccess by the way.
- pwdStartTime, pwdEndTime: OK, but there is no special ppolicy code returned, and if I read the draft correctly (https://tools.ietf.org/html/draft-behera-ldap-password-policy-10#section-7.1), an "accountLocked" extended error code should be triggered.
- basic integration with ppm, and in particular the pwdCheckModuleArg (https://github.com/ltb-project/ppm): OK (but will need some adaptation of the check_password signature: https://github.com/ltb-project/ppm/issues/20)
Regards,
David