Hi,
I am having
trouble getting password lockout to work with openldap 2.3.32-0.27 on SLES 10
Service Pack 2.
I don't see
any pwdFailureTime attributes ever show up for the user in question, and the
password never locks after bad password attempts.
Below is what
I've done so far to set this up (note: i have found no errors in any logs so far
indicating that the overlay isnt working...) Any help would be greatly
appreciated.
Thanks,
Paul
As per the ppolicy
documentation on the web, I've added the following lines to my
slapd.conf:
overlay
ppolicy
ppolicy_default
"cn=stdWebPPolicy,ou=Policies,ou=Config,dc=pjm,dc=com"
ppolicy_use_lockout
Also, here is
the ldif for my policy:
dn:
cn=stdWebPPolicy,ou=Policies,ou=Config,dc=pjm,dc=com
cn:
stdWebPPolicy
objectClass: pwdPolicy
objectClass: person
objectClass:
top
pwdAllowUserChange: TRUE
pwdAttribute: 2.5.4.35
pwdCheckQuality:
2
pwdExpireWarning: 600
pwdFailureCountInterval: 30
pwdGraceAuthNLimit:
5
pwdInHistory: 5
pwdLockout: TRUE
pwdLockoutDuration:
1800
pwdMaxAge: 0
pwdMaxFailure: 5
pwdMinAge: 0
pwdMinLength:
5
pwdMustChange: FALSE
pwdSafeModify: FALSE
sn: dummy
value
And here is
the user I am testing against:
dn:
uid=testuser,ou=People,ou=Test,ou=External,dc=pjm,dc=com
objectClass:
inetOrgPerson
objectClass: organizationalPerson
objectClass:
person
objectClass: top
objectClass: pwdPolicy
objectClass:
posixAccount
uid: testuser
cn: testuser
givenName: Test
sn:
User
pwdAttribute: userPassword
gidNumber: 123
homeDirectory:
/home/testuser
uidNumber: 1234
userPassword:
{SSHA}Lz+gz7+HomMnxxq1b+TZpgnxECEbfXs1