Have a nice day.
I have to implement a password policy in our OpenLDAP. While testing the features of the ppolicy module I found that it ignores an expired password when I authenticate a user by SASL DIGEST-MD5. When I try on an expired account:
ldapwhoami -xD "cn=Kokos Velky,ou=TestUsers,ou=People,o=Ceske drahy,c=CZ"
the answer is: ldap_bind: Invalid credentials (49), and in the slapd log:
ppolicy_bind: Entry cn=Kokos Velky,ou=TestUsers,ou=People,o=Ceske drahy,c=CZ has an expired password: 0 grace logins
But when I try
ldapwhoami -Y DIGEST-MD5 -U kokos1
the answer is
SASL/DIGEST-MD5 authentication started
SASL username: kokos1
SASL SSF: 128
SASL installing layers
dn:cn=kokos velky,ou=testusers,ou=people,o=ceske drahy,c=cz
Result: Success (0)
In slapd.conf I have
sasl-regexp uid=(.*),cn=digest-md5,cn=auth "ldap:///o=Ceske drahy,c=CZ??sub?(&(uid=$1)(|(objectClass=inetOrgPerson) (objectClass=applicationProcess)))"
What I am doing wrong?
Many thanks for any advice. Jiri Netolicky
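The two results quoted above show the gap from the auditing side: the simple bind is refused with the ppolicy "expired password" message, while the DIGEST-MD5 bind is mapped through sasl-regexp to the same entry and succeeds. Until the policy is enforced for both paths, a defender can at least detect accounts that ppolicy has reported as expired but that still authenticate via SASL. The script below is an added example, not part of the original message and not OpenLDAP code; it runs over constructed slapd log lines that copy the ppolicy_bind message format from the question and approximate slapd "stats" logging for BIND/RESULT (the conn/op numbers, the user "alice" and the exact stats fields are assumptions). It also shows why DN comparison needs normalizing: the SASL-mapped DN is logged in lower case, the ppolicy message in the entry's original case.

```python
import re

# Constructed sample slapd log (syslog timestamp/host prefix stripped). The
# "ppolicy_bind" line copies the format quoted in the question; the conn/op
# BIND and RESULT lines approximate slapd "stats" logging and their numbers
# are invented. Connection 1001 is a simple bind (method=128), 1002 and 1003
# are SASL DIGEST-MD5 binds (method=163, two round trips each). Only
# cn=Kokos Velky has an expired password; "alice" is an assumed extra user.
SAMPLE_LOG = """\
conn=1001 op=0 BIND dn="cn=Kokos Velky,ou=TestUsers,ou=People,o=Ceske drahy,c=CZ" method=128
ppolicy_bind: Entry cn=Kokos Velky,ou=TestUsers,ou=People,o=Ceske drahy,c=CZ has an expired password: 0 grace logins
conn=1001 op=0 RESULT tag=97 err=49 text=
conn=1002 op=0 BIND dn="" method=163
conn=1002 op=0 RESULT tag=97 err=14 text=SASL(0): successful result:
conn=1002 op=1 BIND dn="" method=163
conn=1002 op=1 BIND authcid="kokos1" authzid="kokos1"
conn=1002 op=1 BIND dn="cn=kokos velky,ou=testusers,ou=people,o=ceske drahy,c=cz" mech=DIGEST-MD5 sasl_ssf=128 ssf=128
conn=1002 op=1 RESULT tag=97 err=0 text=
conn=1003 op=0 BIND dn="" method=163
conn=1003 op=0 RESULT tag=97 err=14 text=SASL(0): successful result:
conn=1003 op=1 BIND dn="" method=163
conn=1003 op=1 BIND authcid="alice" authzid="alice"
conn=1003 op=1 BIND dn="cn=alice example,ou=testusers,ou=people,o=ceske drahy,c=cz" mech=DIGEST-MD5 sasl_ssf=128 ssf=128
conn=1003 op=1 RESULT tag=97 err=0 text=
"""

# ppolicy overlay message, exactly as quoted in the question.
EXPIRED_RE = re.compile(
    r"ppolicy_bind: Entry (?P<dn>.+?) has an expired password: (?P<grace>\d+) grace logins")
# Final step of a SASL bind: the mapped DN plus the mechanism name.
SASL_BIND_RE = re.compile(
    r'conn=(?P<conn>\d+) op=(?P<op>\d+) BIND dn="(?P<dn>[^"]+)" mech=(?P<mech>\S+)')
# RESULT line for a bind (tag=97); err=0 means success, err=14 means "in progress".
RESULT_RE = re.compile(
    r"conn=(?P<conn>\d+) op=(?P<op>\d+) RESULT tag=97 err=(?P<err>\d+)")


def normalize_dn(dn: str) -> str:
    """Case-fold a DN and drop whitespace around RDN separators, so the
    lower-cased DN from the SASL mapping matches the mixed-case DN that the
    ppolicy message prints. Sufficient for DNs without escaped commas."""
    return ",".join(part.strip() for part in dn.lower().split(","))


def find_expired_sasl_binds(log_text: str) -> list:
    """Return successful SASL binds whose mapped DN ppolicy reported as expired
    anywhere in the log. Each hit is a dict with conn, op, dn and mech."""
    lines = log_text.splitlines()

    # Pass 1: every DN that ppolicy refused for an expired password.
    expired = set()
    for line in lines:
        m = EXPIRED_RE.search(line)
        if m:
            expired.add(normalize_dn(m.group("dn")))

    # Pass 2: pair each SASL bind with its RESULT on the same conn/op.
    pending = {}   # (conn, op) -> bind details awaiting a RESULT line
    hits = []
    for line in lines:
        m = SASL_BIND_RE.search(line)
        if m:
            pending[(m.group("conn"), m.group("op"))] = {
                "conn": m.group("conn"), "op": m.group("op"),
                "dn": normalize_dn(m.group("dn")), "mech": m.group("mech")}
            continue
        m = RESULT_RE.search(line)
        if m:
            bind = pending.pop((m.group("conn"), m.group("op")), None)
            if bind and m.group("err") == "0" and bind["dn"] in expired:
                hits.append(bind)
    return hits


if __name__ == "__main__":
    for hit in find_expired_sasl_binds(SAMPLE_LOG):
        print(f"conn={hit['conn']} op={hit['op']}: {hit['mech']} bind succeeded "
              f"for expired entry {hit['dn']}")
```

Run against a real log, feed it the slapd stats output with the syslog prefix stripped; the regexes search rather than match, so a leading timestamp does not matter. The correlation is only as good as the ppolicy messages already present in the log, so it catches accounts that someone has tried (and failed) to log into with a simple bind, not every expired entry.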