Its solving problem with security policy. Thank you.
Please, update documentation for security policy in OpenLdap.
Now: "This attribute controls the action taken when an account has had more consecutive failed bind attempts with invalid passwords than is defined by pwdMaxFailure." But pwdLockout : TRUE enables other security blocks too, and this blocks don't work without it.
08.10.09, 11:21, "Clément OUDOT" clem.oudot@gmail.com:
Le 7 octobre 2009 19:51, Evgeniy a écrit :
On releases up to 2.4.16 (2.3.x too) works next config :
overlay ppolicy ppolicy_default "cn=CompanyAccountPolicy,ou=CompanyPolicies,dc=Company,dc=com" ppolicy_hash_cleartext ppolicy_use_lockout
On 2.4.18, 2.4.19 its don't work.
you have to apply a password policy to your > entry, either by setting a default password policy in ppolicy overlay > configuration
How I can do it ?
The configuration looks correct. The pwdAccountLockedTime attribute should deactivate an entry in the directory. Be sure to have a TRUE value in pwdLockout attribute of cn=CompanyAccountPolicy,ou=CompanyPolicies,dc=Company,dc=com Clément.