Hi,
I am having trouble getting password lockout to work with openldap
2.3.32-0.27 on SLES 10 Service Pack 2.
I don't see any pwdFailureTime attributes ever show up for the user in
question, and the password never locks after bad password attempts.
Below is what I've done so far to set this up (note: i have found no
errors in any logs so far indicating that the overlay isnt working...)
Any help would be greatly appreciated.
Thanks,
Paul
As per the ppolicy documentation on the web, I've added the following
lines to my slapd.conf:
overlay ppolicy
ppolicy_default "cn=stdWebPPolicy,ou=Policies,ou=Config,dc=pjm,dc=com"
ppolicy_use_lockout
Also, here is the ldif for my policy:
dn: cn=stdWebPPolicy,ou=Policies,ou=Config,dc=pjm,dc=com
cn: stdWebPPolicy
objectClass: pwdPolicy
objectClass: person
objectClass: top
pwdAllowUserChange: TRUE
pwdAttribute: 2.5.4.35
pwdCheckQuality: 2
pwdExpireWarning: 600
pwdFailureCountInterval: 30
pwdGraceAuthNLimit: 5
pwdInHistory: 5
pwdLockout: TRUE
pwdLockoutDuration: 1800
pwdMaxAge: 0
pwdMaxFailure: 5
pwdMinAge: 0
pwdMinLength: 5
pwdMustChange: FALSE
pwdSafeModify: FALSE
sn: dummy value
And here is the user I am testing against:
dn: uid=testuser,ou=People,ou=Test,ou=External,dc=pjm,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: pwdPolicy
objectClass: posixAccount
uid: testuser
cn: testuser
givenName: Test
sn: User
pwdAttribute: userPassword
gidNumber: 123
homeDirectory: /home/testuser
uidNumber: 1234
userPassword: {SSHA}Lz+gz7+HomMnxxq1b+TZpgnxECEbfXs1