On Tuesday 04 March 2008 07:56:26 Zhang Weiwu wrote:
Hello. I've been working on a system with low security requirement and high usability requirement. I uses ppolicy overlay and enabled ppolicy_use_lockout to avoid people gets confused when they failed to login too many times:
suffix "st=jiangxi,o=LGOP" rootdn "userid=admin,st=jiangxi,o=LGOP" rootpw [...] overlay ppolicy ppolicy_default "st=jiangxi,o=LGOP" ppolicy_use_lockout
Restart openldap server and test again by trying to bind with the wrong password enough times (in my case, 20 times). Then try to bind with the right password:
ldapsearch -H ldap://gtz.ods.org/ -xD ou=江西省,st=jiangxi,o=LGOP -W ou=*余干* areacode ldap_bind: Invalid credentials (49)
Enable the ppolicy control with "-e ppolicy", and you will get the correct message.
Regards, Buchan