Hi,
I don't see a problem description anywhere in this email. What exactly
is the issue you are facing with ppolicy
Sorry. Essentially, I'm trying to replicate the tests done specifically to test account lockout when you run 'make test' after compiling openldap.
Here is a slapcat of my directory:
[root@dgovit-pap02 sbin]# ./slapcat dn: dc=ttpua,dc=portal dc: ttpua objectClass: dcObject objectClass: organizationalUnit ou: TTPUA Portal structuralObjectClass: organizationalUnit entryUUID: f0a9c1ec-dd27-102a-9bfc-3fef944328a2 creatorsName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal modifiersName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal createTimestamp: 20060920191410Z modifyTimestamp: 20060920191410Z entryCSN: 20060920191410Z#000000#00#000000
dn: ou=users,dc=ttpua,dc=portal ou: users objectClass: organizationalUnit structuralObjectClass: organizationalUnit entryUUID: f0b2c404-dd27-102a-9bfd-3fef944328a2 creatorsName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal modifiersName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal createTimestamp: 20060920191410Z modifyTimestamp: 20060920191410Z entryCSN: 20060920191410Z#000001#00#000000
dn: ou=system,ou=users,dc=ttpua,dc=portal ou: system objectClass: organizationalUnit structuralObjectClass: organizationalUnit entryUUID: f0b3d042-dd27-102a-9bfe-3fef944328a2 creatorsName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal modifiersName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal createTimestamp: 20060920191410Z modifyTimestamp: 20060920191410Z entryCSN: 20060920191410Z#000002#00#000000
dn: ou=portal,ou=users,dc=ttpua,dc=portal ou: portal objectClass: organizationalUnit structuralObjectClass: organizationalUnit entryUUID: f0b4b8c2-dd27-102a-9bff-3fef944328a2 creatorsName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal modifiersName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal createTimestamp: 20060920191410Z modifyTimestamp: 20060920191410Z entryCSN: 20060920191410Z#000003#00#000000
dn: ou=disabled,ou=portal,ou=users,dc=ttpua,dc=portal ou: disabled objectClass: organizationalUnit structuralObjectClass: organizationalUnit entryUUID: f0b5a19c-dd27-102a-9c00-3fef944328a2 creatorsName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal modifiersName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal createTimestamp: 20060920191410Z modifyTimestamp: 20060920191410Z entryCSN: 20060920191410Z#000004#00#000000
dn: ou=active,ou=portal,ou=users,dc=ttpua,dc=portal ou: active objectClass: organizationalUnit structuralObjectClass: organizationalUnit entryUUID: f0b663e8-dd27-102a-9c01-3fef944328a2 creatorsName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal modifiersName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal createTimestamp: 20060920191410Z modifyTimestamp: 20060920191410Z entryCSN: 20060920191410Z#000005#00#000000
dn: ou=pending,ou=portal,ou=users,dc=ttpua,dc=portal ou: pending objectClass: organizationalUnit structuralObjectClass: organizationalUnit entryUUID: f0b750fa-dd27-102a-9c02-3fef944328a2 creatorsName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal modifiersName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal createTimestamp: 20060920191410Z modifyTimestamp: 20060920191410Z entryCSN: 20060920191410Z#000006#00#000000
dn: ou=roles,dc=ttpua,dc=portal ou: roles objectClass: organizationalUnit structuralObjectClass: organizationalUnit entryUUID: f0b839e8-dd27-102a-9c03-3fef944328a2 creatorsName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal modifiersName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal createTimestamp: 20060920191410Z modifyTimestamp: 20060920191410Z entryCSN: 20060920191410Z#000007#00#000000
dn: ou=portal,ou=roles,dc=ttpua,dc=portal ou: portal objectClass: organizationalUnit structuralObjectClass: organizationalUnit entryUUID: f0b92a9c-dd27-102a-9c04-3fef944328a2 creatorsName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal modifiersName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal createTimestamp: 20060920191410Z modifyTimestamp: 20060920191410Z entryCSN: 20060920191410Z#000008#00#000000
dn: ou=policies,dc=ttpua,dc=portal ou: policies objectClass: organizationalUnit structuralObjectClass: organizationalUnit entryUUID: f0ba10ec-dd27-102a-9c05-3fef944328a2 creatorsName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal modifiersName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal createTimestamp: 20060920191410Z modifyTimestamp: 20060920191410Z entryCSN: 20060920191410Z#000009#00#000000
dn: ou=portal,ou=policies,dc=ttpua,dc=portal ou: portal objectClass: organizationalUnit structuralObjectClass: organizationalUnit entryUUID: f0bafb4c-dd27-102a-9c06-3fef944328a2 creatorsName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal modifiersName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal createTimestamp: 20060920191410Z modifyTimestamp: 20060920191410Z entryCSN: 20060920191410Z#00000a#00#000000
dn: cn=std,ou=portal,ou=policies,dc=ttpua,dc=portal objectClass: pwdPolicy objectClass: top objectClass: device cn: std pwdAttribute: userPassword pwdMaxAge: 7516800 pwdExpireWarning: 432000 pwdInHistory: 6 pwdCheckQuality: 1 pwdMinLength: 8 pwdMaxFailure: 4 pwdLockout: TRUE pwdLockoutDuration: 1920 pwdGraceAuthNLimit: 0 pwdFailureCountInterval: 0 pwdMustChange: TRUE pwdAllowUserChange: TRUE pwdSafeModify: TRUE structuralObjectClass: device entryUUID: b0976292-dd29-102a-8aff-4f205a2326f4 creatorsName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal modifiersName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal createTimestamp: 20060920192642Z modifyTimestamp: 20060920192642Z entryCSN: 20060920192642Z#000000#00#000000
dn: ou=testing,ou=portal,ou=users,dc=ttpua,dc=portal ou: testing objectClass: top objectClass: organizationalUnit structuralObjectClass: organizationalUnit entryUUID: badddc52-dd30-102a-8afe-613291c80c74 creatorsName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal createTimestamp: 20060920201706Z entryCSN: 20060920201706Z#000000#00#000000 modifiersName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal modifyTimestamp: 20060920201706Z
dn: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal objectClass: top objectClass: person sn: scoobydoo cn: scoobydoo structuralObjectClass: person entryUUID: 56d4aa34-dd39-102a-93bd-2d2088fc7504 creatorsName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal createTimestamp: 20060920211843Z entryCSN: 20060920211922Z#000000#00#000000 modifiersName: cn=scoobydoo,ou=system,ou=users,dc=ttpua,dc=portal modifyTimestamp: 20060920211922Z
dn: cn=test,ou=portal,ou=policies,dc=ttpua,dc=portal objectClass: pwdPolicy objectClass: top objectClass: device cn: test pwdAttribute: userPassword pwdMaxAge: 360 pwdExpireWarning: 120 pwdInHistory: 3 pwdCheckQuality: 1 pwdMinLength: 8 pwdMaxFailure: 3 pwdLockout: TRUE pwdLockoutDuration: 60 pwdFailureCountInterval: 120 pwdMustChange: TRUE pwdAllowUserChange: TRUE pwdSafeModify: TRUE pwdGraceAuthNLimit: 3 structuralObjectClass: device entryUUID: dde41790-ddb0-102a-9d8f-2524a04c2d05 creatorsName: cn=scoobydoo,dc=ttpua,dc=portal modifiersName: cn=scoobydoo,dc=ttpua,dc=portal createTimestamp: 20060921113420Z modifyTimestamp: 20060921113420Z entryCSN: 20060921113420Z#000000#00#000000
dn: cn=webuser,ou=portal,ou=roles,dc=ttpua,dc=portal objectClass: top objectClass: person objectClass: organizationalPerson sn: webuser cn: webuser structuralObjectClass: organizationalPerson entryUUID: 6ae140ba-de0a-102a-8cfb-0b9650b2dbbe creatorsName: cn=scoobydoo,dc=ttpua,dc=portal createTimestamp: 20060921221522Z entryCSN: 20060921221522Z#000000#00#000000 modifiersName: cn=scoobydoo,dc=ttpua,dc=portal modifyTimestamp: 20060921221522Z
dn: cn=lnelson,ou=active,ou=portal,ou=users,dc=ttpua,dc=portal uid: 1 objectClass: organizationalPerson objectClass: inetOrgPerson givenName: Lamont sn: Nelson cn: lnelson structuralObjectClass: inetOrgPerson entryUUID: 5ca463c6-e0fb-102a-9d43-93b4dcc2b715 creatorsName: cn=scoobydoo,dc=ttpua,dc=portal createTimestamp: 20060925160509Z userPassword:: cGFzc3dvcmQxMjM= entryCSN: 20060925170645Z#000000#00#000000 modifiersName: cn=scoobydoo,dc=ttpua,dc=portal modifyTimestamp: 20060925170645Z
dn: cn=User,ou=active,ou=portal,ou=users,dc=ttpua,dc=portal uid: 2 objectClass: organizationalPerson objectClass: inetOrgPerson givenName: UA User sn: UA cn: User structuralObjectClass: inetOrgPerson entryUUID: b4f5dd42-e106-102a-9d44-93b4dcc2b715 creatorsName: cn=scoobydoo,dc=ttpua,dc=portal createTimestamp: 20060925172621Z userPassword:: dHRwdWE= entryCSN: 20060925172716Z#000000#00#000000 modifiersName: cn=scoobydoo,dc=ttpua,dc=portal modifyTimestamp: 20060925172716Z
dn: cn=Rnewton,ou=active,ou=portal,ou=users,dc=ttpua,dc=portal objectClass: organizationalPerson objectClass: inetOrgPerson sn: Newton cn: Rnewton structuralObjectClass: inetOrgPerson entryUUID: d35e7c30-05d7-102b-9d47-93b4dcc2b715 creatorsName: cn=scoobydoo,dc=ttpua,dc=portal createTimestamp: 20061111135359Z uid: 3 givenName: R Newton userPassword:: ZGhzMXVh entryCSN: 20061111135646Z#000000#00#000000 modifiersName: cn=scoobydoo,dc=ttpua,dc=portal modifyTimestamp: 20061111135646Z
dn: cn=lnelson123,ou=pending,ou=portal,ou=users,dc=ttpua,dc=portal supervisorName: test o: test telephoneNumber: test street: test sn: test userPassword:: cGFzc1dPUkQxMjMh city: test givenName: test mail: test objectClass: dfittpuser accessReason: test postalCode: test supervisorEmail: test cn: lnelson123 title: test businessCategory: test st: AR structuralObjectClass: dfittpuser entryUUID: 1c673d44-3bf3-102b-912c-2d95986cd7a9 creatorsName: cn=scoobydoo,dc=ttpua,dc=portal createTimestamp: 20070119102521Z entryCSN: 20070119102521Z#000000#00#000000 modifiersName: cn=scoobydoo,dc=ttpua,dc=portal modifyTimestamp: 20070119102521Z
dn: cn=Username,ou=pending,ou=portal,ou=users,dc=ttpua,dc=portal supervisorName: Supervisor's Name o: Employer Name telephoneNumber: Professional Phone Number street: Professional Street Address sn: Last Name userPassword:: cGFzc1dPUkQxMjMh city: City givenName: First Name mail: Professional Email Address objectClass: dfittpuser accessReason: Reason for requesting access postalCode: Zip Code supervisorEmail: Supervisor's Email Address cn: Username title: Title businessCategory: Job Title st: DE structuralObjectClass: dfittpuser entryUUID: 695d0502-3bf3-102b-912d-2d95986cd7a9 creatorsName: cn=scoobydoo,dc=ttpua,dc=portal createTimestamp: 20070119102730Z entryCSN: 20070119102730Z#000000#00#000000 modifiersName: cn=scoobydoo,dc=ttpua,dc=portal modifyTimestamp: 20070119102730Z
dn: cn=tuser,ou=testing,ou=portal,ou=users,dc=ttpua,dc=portal userPassword:: e1NIQX1XNnBoNU1tNVB6OEdnaVVMYlBnekczN21qOWc9 objectClass: top objectClass: inetOrgPerson objectClass: organizationalPerson sn: User cn: tuser structuralObjectClass: inetOrgPerson entryUUID: 15847d74-3bf4-102b-912f-2d95986cd7a9 creatorsName: cn=scoobydoo,dc=ttpua,dc=portal createTimestamp: 20070119103219Z pwdPolicySubentry: cn=test,ou=portal,ou=policies,dc=ttpua,dc=portal entryCSN: 20070119103245Z#000000#00#000000 modifiersName: cn=scoobydoo,dc=ttpua,dc=portal modifyTimestamp: 20070119103245Z
So, as test022-policy does, I should be able to lock myself out after 3 unsuccessful attempts..
./ldapsearch -x -b "dc=ttpua,dc=portal" -P 3 -LLL -e ppolicy -h localhost -D cn=tuser,ou=testing,ou=portal,ou=users,dc=ttpua,dc=portal -w badpassword
I do that 3 times, and after third attempt,I should receive a response back from the server indicating that my acct is locked out. But I don't and if I use the correct password for the account, I am able to authenticate and my search returns data.
Also, when I start up my ldap server, I get the following error:
Stopping slapd: [ OK ] Checking configuration files for slapd: WARNING: No dynamic config support for overlay ppolicy. config file testing succeeded Starting slapd:
So I'm not sure whats wrong here. This is already long so I don't want to respost my slapd.conf.