On Friday 14 March 2008 00:11:57 Ryan Steele wrote:
Hello,
First let me thank the gracious folks on this list who have lent their advice to me on my path towards implementing ppolicy. I'm making progress; I can reject new passwords based on password history, and reject weak passwords. However, I'm having a bit of a time trying to get the lockouts to work. My policy is defined as:
56 cn=Password Policy,ou=Policies,dc=example,dc=com
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: Password Policy
pwdAttribute: userPassword
pwdMaxAge: 3888000
pwdMinLength: 6
pwdExpireWarning: 432000
pwdFailureCountInterval: 0
pwdMustChange: FALSE
pwdAllowUserChange: TRUE
pwdSafeModify: TRUE
pwdLockout: TRUE
pwdCheckQuality: 1
pwdGraceAuthNLimit: 0
pwdInHistory: 6
pwdLockoutDuration: 60
pwdMaxFailure: 3
However, even after many failure attempts, I see no pwdFailureTime attributes in the offending user's entry:
This worked without any complications for me (on various versions of 2.3, most recently 2.3.34, and currently 2.3.40).
How are you testing?
Regards, Buchan
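
The following is an added example, not part of the thread and not OpenLDAP's code: a simplified Python model of the lockout bookkeeping described in the LDAP password policy draft that the ppolicy overlay implements, run with the four lockout-related values from the policy quoted above. The names `Entry`, `is_locked`, `bind` and `demo` are hypothetical, the password and timestamps (seconds) are constructed, and refusing a bind on a locked entry before checking the password is a modelling assumption.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Lockout-related values copied from the policy entry quoted in the post.
POLICY = {"pwdLockout": True, "pwdMaxFailure": 3,
          "pwdLockoutDuration": 60, "pwdFailureCountInterval": 0}

@dataclass
class Entry:
    """Operational state kept on a user entry (constructed sample, not a real entry)."""
    password: str
    pwdFailureTime: List[float] = field(default_factory=list)
    pwdAccountLockedTime: Optional[float] = None

def is_locked(e, now, p=POLICY):
    if not p["pwdLockout"] or e.pwdAccountLockedTime is None:
        return False
    if p["pwdLockoutDuration"] == 0:       # 0 means locked until an admin resets it
        return True
    return now < e.pwdAccountLockedTime + p["pwdLockoutDuration"]

def bind(e, supplied, now, p=POLICY):
    """Return True on a successful bind and update the entry's lockout state."""
    if is_locked(e, now, p):
        return False                       # assumption: refused before the password check
    if supplied == e.password:
        e.pwdFailureTime.clear()           # a successful bind wipes the failure history
        e.pwdAccountLockedTime = None
        return True
    e.pwdFailureTime.append(now)           # every failed bind records a timestamp
    interval = p["pwdFailureCountInterval"]
    # interval 0: old failures never age out, only a successful bind resets them
    recent = [t for t in e.pwdFailureTime if interval == 0 or now - t < interval]
    if p["pwdLockout"] and p["pwdMaxFailure"] and len(recent) >= p["pwdMaxFailure"]:
        e.pwdAccountLockedTime = now
    return False

def demo():
    e = Entry(password="correct-horse")                   # constructed test account
    failures = [bind(e, "wrong", t) for t in (0, 1, 2)]   # three bad binds
    while_locked = bind(e, "correct-horse", 30)           # right password, still locked
    state = (len(e.pwdFailureTime), e.pwdAccountLockedTime)
    after_expiry = bind(e, "correct-horse", 63)           # lock set at t=2 ended at t=62
    return failures, while_locked, state, after_expiry, e.pwdFailureTime

if __name__ == "__main__":
    print(demo())
```

With this policy, three failed binds should leave three `pwdFailureTime` values and a `pwdAccountLockedTime` on the entry, which gives a concrete expectation to compare a test against.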