Hi, I am having trouble getting password lockout to work with openldap 2.3.32-0.27 on SLES 10 Service Pack 2. I don't see any pwdFailureTime attributes ever show up for the user in question, and the password never locks after bad password attempts.
Below is what I've done so far to set this up (note: I have found no errors in any logs so far indicating that the overlay isn't working...). Any help would be greatly appreciated.
Thanks, Paul
As per the ppolicy documentation on the web, I've added the following lines to my slapd.conf:
overlay ppolicy
ppolicy_default "cn=stdWebPPolicy,ou=Policies,ou=Config,dc=pjm,dc=com"
ppolicy_use_lockout
Also, here is the ldif for my policy:
dn: cn=stdWebPPolicy,ou=Policies,ou=Config,dc=pjm,dc=com
cn: stdWebPPolicy
objectClass: pwdPolicy
objectClass: person
objectClass: top
pwdAllowUserChange: TRUE
pwdAttribute: 2.5.4.35
pwdCheckQuality: 2
pwdExpireWarning: 600
pwdFailureCountInterval: 30
pwdGraceAuthNLimit: 5
pwdInHistory: 5
pwdLockout: TRUE
pwdLockoutDuration: 1800
pwdMaxAge: 0
pwdMaxFailure: 5
pwdMinAge: 0
pwdMinLength: 5
pwdMustChange: FALSE
pwdSafeModify: FALSE
sn: dummy value
And here is the user I am testing against:
dn: uid=testuser,ou=People,ou=Test,ou=External,dc=pjm,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: pwdPolicy
objectClass: posixAccount
uid: testuser
cn: testuser
givenName: Test
sn: User
pwdAttribute: userPassword
gidNumber: 123
homeDirectory: /home/testuser
uidNumber: 1234
userPassword: {SSHA}Lz+gz7+HomMnxxq1b+TZpgnxECEbfXs1