Do you also look at the decreasing grace login counter in diagnostic message?
The AF tests evaluate grace / ensure it maintains proper count, locks when it reaches zero. Not evaluating the diagnostic message.
-- Shawn
----- Original Message ----- From: "Michael Ströder" michael@stroeder.com To: "openldap-devel" openldap-devel@openldap.org Sent: Monday, May 3, 2021 10:57:44 AM Subject: Re: slapo-ppolicy 2.4 vs. 2.5
On 5/3/21 5:39 PM, smckinney@symas.com wrote:
From: "Michael Ströder" michael@stroeder.com Do you have any tests you could run against 2.4 and 2.5 to verify whether both have same behaviour?
I have tested 2.4 and 2.5 pw policies using Apache Fortress tests:
Do you also look at the decreasing grace login counter in diagnostic message?
The only functional difference that I found was 2.5 now requires sending the RelaxControl ("1.3.6.1.4.1.4203.666.5.12") on the following ops:>
- lock/unlock
- mods of user's pwdPolicySubentry attribute
Currently not relevant for my tests.
Other than that, everything else worked the same, besides no longer including the pwpolicy.schema in the server config of course.
This is already covered since quite a while by checking whether file ppolicy.ldif exists in the schema/ directory or not.
Ciao, Michael.