Environment:
===============
* OS: Ubuntu Feisty 7.04
* Slapd Version: slapd 2.3.30
* Apt-Package Compile Options (per launchpadlibrarian.net):
  --prefix=/usr --libexecdir='${prefix}/lib' --sysconfdir=/etc
  --localstatedir=/var --mandir='${prefix}/share/man' --enable-debug
  --enable-dynamic --enable-syslog --enable-proctitle --enable-ipv6
  --enable-local --enable-slapd --enable-aci --enable-cleartext
  --enable-crypt --enable-spasswd --enable-modules --enable-rewrite
  --enable-rlookups --enable-slp --enable-wrappers --enable-backends=mod
  --enable-ldbm=no --enable-overlays=mod --enable-slurpd --with-subdir=ldap
  --with-cyrus-sasl --with-threads --with-tls

* slapd.conf (abridged)
=============
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/java.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/sudo.schema
include /etc/ldap/schema/autofs.schema
include /etc/ldap/schema/ppolicy.schema
include /etc/ldap/schema/corba.schema
include /etc/ldap/schema/authldap.schema
include /etc/ldap/schema/solaris.schema
include /etc/ldap/schema/solaris-nis.schema
include /etc/ldap/schema/solarisdua.schema

modulepath /usr/lib/ldap
moduleload back_bdb
moduleload ppolicy

schemacheck on

TLSCipherSuite #####SECRET######
TLSCertificateFile #####SECRET######
TLSCertificateKeyFile #####SECRET######
TLSCACertificateFile #####SECRET######

database bdb

# Overlay Directives
overlay ppolicy
ppolicy_default "cn=defaultPolicy,ou=policies,#####SECRET#######"
ppolicy_use_lockout

directory "/var/lib/ldap"

# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0

# Sven Hartge reported that he had to set this value incredibly high
# to get slapd running at all. See http://bugs.debian.org/303057
# for more information.

# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500

# Indexing options for database #1
index objectClass eq

# Save the time that the entry gets modified, for database #1
lastmod on

access to dn.children="ou=people,#####SECRET######" attrs=userPassword
        by group/groupOfNames/member="#####SECRET######" write
        by self write
        by * auth

* defaultPolicy.ldif
========================
dn: cn=defaultPolicy,ou=policies,#####SECRET######
cn: defaultPolicy
objectClass: organizationalRole
objectClass: pwdPolicy
objectClass: top
pwdLockout: TRUE
pwdMaxFailure: 3
pwdAttribute: userPassword
pwdGraceAuthNLimit: 3
pwdLockoutDuration: 15
pwdAllowUserChange: TRUE

* ppolicytest.ldif
=========================
dn: uid=ppolicytest,ou=people,#####SECRET######
uid: ppolicytest
uidNumber: 1012
gidNumber: 100
homeDirectory: /home/ppolicytest
loginShell: /bin/bash
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
structuralObjectClass: inetOrgPerson
entryUUID: e4c33596-d832-102b-8c70-39998be84848
creatorsName: #####SECRET######
createTimestamp: 20070806063457Z
pwdPolicySubentry: cn=defaultPolicy,ou=policies,#####SECRET######
userPassword: {MD5}Gh3JHJBzJcaScd3wyUS8cg==
pwdChangedTime: 20070806070643Z
cn: ppolicytest
entryCSN: 20070806070815Z#000000#00#000000
modifiersName: #####SECRET######
modifyTimestamp: 20070806070815Z
entryDN: uid=ppolicytest,ou=people,#####SECRET######
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

So with this all in place I get no errors starting slapd (the module gets loaded.) I run the following command 4 times:

ldapsearch -P 3 -x -LLL -e ppolicy -D "uid=ppolictest,ou=people,#####SECRET######" -W "(objectclass=*)"

Entering an incorrect password each time, however the account never gets locked out and the operational attributes never change.

TIA, for any advice!
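
An added example, not part of the original post: a small Python check that reads the ppolicy operational attributes of one entry and reports how many failed binds were recorded and whether the entry is currently locked under the policy values from defaultPolicy.ldif. The sample entry, its `dc=example,dc=com` suffix and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: operational attributes as a search for '+' might
# return them for the test user after three failed binds (values invented).
SAMPLE_ENTRY = """\
dn: uid=ppolicytest,ou=people,dc=example,dc=com
pwdFailureTime: 20070806071001Z
pwdFailureTime: 20070806071004Z
pwdFailureTime: 20070806071007Z
pwdAccountLockedTime: 20070806071007Z
"""

# Policy values copied from defaultPolicy.ldif in the post.
POLICY = {"pwdLockout": "TRUE", "pwdMaxFailure": "3", "pwdLockoutDuration": "15"}

def parse_ldif(text):
    """Parse one unfolded, non-base64 LDIF entry into {attribute: [values]}."""
    attrs = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip(), []).append(value.strip())
    return attrs

def gtime(value):
    """Convert an LDAP GeneralizedTime (fraction ignored) to a UTC datetime."""
    stamp = value.split(".")[0].rstrip("Z")
    return datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def lockout_state(entry, policy, now):
    """Return (failures_recorded, locked) for the entry at time `now`."""
    failures = len(entry.get("pwdFailureTime", []))
    locked_at = entry.get("pwdAccountLockedTime")
    if policy.get("pwdLockout") != "TRUE" or not locked_at:
        return failures, False
    if locked_at[0].startswith("000001010000"):
        return failures, True          # administratively locked, no expiry
    duration = int(policy.get("pwdLockoutDuration", "0"))
    if duration == 0:
        return failures, True          # locked until an administrator resets it
    return failures, now < gtime(locked_at[0]) + timedelta(seconds=duration)
```

An entry that comes back with no `pwdFailureTime` values at all yields `(0, False)`, meaning the overlay recorded no failed bind against that DN.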