Thanks to everyone who answered me earlier, I've managed to set up
password policy on the OpenLDAP provided in CentOS 5.5 repositories
(current version 2.3.43).
The setup: we have password policy enabled for user accounts in our
intranet. After 5 unsuccessful attempts the account is blocked for a short
duration (30 seconds).
Does that mean that anyone now can keep all the accounts blocked most of
the time? Am I right that if anyone enters someone else's incorrect
password 5 times (in the given case), they will block the target account
(regardless of what IP address the attacker was connecting from)?
Narrower question: do password policy module developers plan to take
into account what IPs are used to connect (thus, blocking only access
from specific IPs)?
All the best,
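
An added example, not part of the original post: one way to see from the server side which client addresses are driving accounts to the 5-failure threshold described above, by correlating failed simple binds with the connection's source IP. It assumes slapd logs at the stats level in the usual `ACCEPT` / `BIND` / `RESULT` line shape; the function names, the sample log and its addresses and DNs are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

MAX_FAILURE = 5  # failure threshold from the post (ppolicy pwdMaxFailure)
ACCEPT = re.compile(r'conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+')
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=128')
RESULT = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')

def failed_binds(lines):
    """Yield (source_ip, dn) for every simple bind that ended with err=49."""
    ip_of, dn_of = {}, {}
    for line in lines:
        if m := ACCEPT.search(line):
            ip_of[m[1]] = m[2]            # remember which IP owns this conn
        elif m := BIND.search(line):
            dn_of[(m[1], m[2])] = m[3]    # bind request, result comes later
        elif m := RESULT.search(line):
            dn = dn_of.pop((m[1], m[2]), None)
            if dn and m[3] == "49":       # 49 = invalidCredentials
                yield ip_of.get(m[1], "unknown"), dn

def lockout_sources(lines, max_failure=MAX_FAILURE):
    """Map each source IP to the DNs it pushed to the failure threshold.

    Simplification: timestamps are ignored, so failures are counted over
    the whole input rather than within the policy's counting interval.
    """
    counts = Counter(failed_binds(lines))
    report = defaultdict(set)
    for (ip, dn), n in counts.items():
        if n >= max_failure:
            report[ip].add(dn)
    return dict(report)

# Constructed sample data (documentation IP ranges, made-up DNs).
SESSION = ('conn={c} fd=14 ACCEPT from IP={ip}:40000 (IP=0.0.0.0:389)\n'
           'conn={c} op=0 BIND dn="uid={u},ou=people,dc=example,dc=com" method=128\n'
           'conn={c} op=0 RESULT tag=97 err={e} text=')

def build_sample():
    """One host fails 5 binds each for alice and bob; carol mistypes once."""
    binds = [("192.0.2.10", u, 49) for u in ("alice", "bob") for _ in range(5)]
    binds += [("198.51.100.7", "carol", 49), ("198.51.100.7", "carol", 0)]
    return [l for c, (ip, u, e) in enumerate(binds, 101)
            for l in SESSION.format(c=c, ip=ip, u=u, e=e).split("\n")]

if __name__ == "__main__":
    for ip, dns in lockout_sources(build_sample()).items():
        print(ip, "reached the lockout threshold for", sorted(dns))
```

A single address that appears against many different DNs is the pattern the question is concerned with; a user who mistypes once, like the constructed `carol` entry, is not reported.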