https://bugs.openldap.org/show_bug.cgi?id=9813
--- Comment #2 from Thierry PUBELLIER thierry.pubellier@paris.fr ---
(In reply to Ondřej Kuzník from comment #1)
> Hi Thierry, yes, this seems like an unsupported combination of features. If you were to put this in, now that ITS#9343 has been merged (staged for 2.7), it might be possible to make a distinction between a default policy and one that was applied explicitly through a rule or pwdPolicySubentry.

Hi Ondřej,
Thanks for your answer.
Combining remoteauth and ppolicy with this new feature from ITS#9343 may be a real plus for security and protection of internal directories, providing lockout capabilities.
It's really easier to configure and use than the almost equivalent solution with saslauthd, and allows having multiple remote domains simply.
If you consider this an interesting feature, I already have a fully functional patch that declares a new configuration option (ppolicy_always_check), which makes ppolicy always check for lockout. May I submit it?
Best regards,
Thierry