Please note that the pwdLockoutDuration is in seconds...so if you get locked out, it's only for 15 seconds in your case. You may want to increase this value to something like 15 minutes (900 seconds) for testing.
HTH, -- Joshua M. Miller - RHCE,VCP
Scott Phelps wrote:
- defaultPolicy.ldif
======================== dn: cn=defaultPolicy,ou=policies,#####SECRET###### cn: defaultPolicy objectClass: organizationalRole objectClass: pwdPolicy objectClass: top pwdLockout: TRUE pwdMaxFailure: 3 pwdAttribute: userPassword pwdGraceAuthNLimit: 3 pwdLockoutDuration: 15 pwdAllowUserChange: TRUE
So with this all in place I get no errors starting slapd (the module gets loaded.) I run the following command 4 times: ldapsearch -P 3 -x -LLL -e ppolicy -D "uid=ppolictest,ou=people,#####SECRET######" -W "(objectclass=*)" Entering an incorrect password each time, however the account never gets locked out and the operational attributes never change.