Good afternoon,
Tell me how to exclude the user's "search" from thesecurity policies
The user is located in the ou =users
Ou=policy also located in ou=users
The reason that I need to exclude the user, is that when I set the
pwdMaxAge and pwdGraceAuthNLimit.
I can not log into the application at any login. In the openldap logs have a message
bdb_dn2entry("uid=search,ou=users,ou=db")
bdb_entry_get: rc=0
ppolicy_bind: Entry uid=search,ou=users,ou=db has an expired password: -39 grace logins
send_ldap_response: msgid=1 tag=97 err=49
ber_flush2: 52 bytes to sd 13
tls_write: want=73, written=73
0000: 17 03 01 00 44 c3 ec 7b f6 fb 12 85 2d 87 57 6c ....D..{....-.Wl
0010: 6c 8c 36 ec 6f d3 39 1d 91 4b 1a db 53 d6 99 0e l.6.o.9..K..S...
0020: e8 94 85 93 b0 9a 3e 38 18 ab 00 fc 0f 3f d6 b4 ......>8.....?..
0030: 39 a8 2d 8f 84 7f 46 09 90 cf 1d d2 28 a3 6e eb 9.-...F.....(.n.
0040: e8 ac f0 ad 66 44 7b 4f 47 ....fD{OG
ldap_write: want=52, written=52
0000: 30 32 02 01 01 61 07 0a 01 31 04 00 04 00 a0 24 02...a...1.....$
0010: 30 22 04 19 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e 0"..1.3.6.1.4.1.
0020: 34 32 2e 32 2e 32 37 2e 38 2e 35 2e 31 04 05 30 42.2.27.8.5.1..0
0030: 03 81 01 00 ....
conn=1 op=0 RESULT tag=97 err=49 text=
If I set pwdGraceAuthNLimit to 100. I'm able to login into the application. I can not change password for user "search" :-(
Thank you
-------------------------------------------------------------------------------
С уважением,
Алексей Шалин
Системный Администратор
Отдел системного администрирования
ЗАО "Межбанковский процессинговый центр"
720083, Кыргызская Республика
г. Бишкек, ул. Ауэзова 1/2
тел.: +996 (312) 637738 (вн. 138)
факс: +996 (312) 637748
e-mail: a.shalin(a)ipc.kg