Full_Name: Dieter Kluenter Version: 2.4.11 OS: openSUSE-11.0 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (84.142.237.56)

Hello, man slapo-ppolicy(5) says that the overlay depends on objectclass pwdPolicy and Every account that should be subject to password policy control should have pwdPolicySubentry... But ppolicy is controlling every enty, even those without attribute pwdPolicy and attribute pwdPolicySubentry. I have created a test entry, which is not subject to password policy but got locked out after 3 binds with wrong password.

dn: cn=pw tester,o=avci,c=de cn: pw tester createTimestamp: 20080808132851Z creatorsName: cn=admin,o=avci,c=de description: Password Tester entryCSN: 20080808132851.203028Z#000000#000#000000 entryDN: cn=pw tester,o=avci,c=de entryUUID: af06a7e2-f999-102c-8d8e-df96a2a401d4 hasSubordinates: FALSE modifiersName: cn=admin,o=avci,c=de modifyTimestamp: 20080808132851Z objectClass: person pwdAccountLockedTime: 20080808133126Z pwdChangedTime: 20080808132851Z pwdFailureTime: 20080808133058Z pwdFailureTime: 20080808133109Z pwdFailureTime: 20080808133126Z sn: tester structuralObjectClass: person subschemaSubentry: cn=Subschema userPassword: tested

-Dieter