Hi All
Using: Ubuntu 22.04, slapd 2.5.14+dfsg-0ubuntu0.22.04.1 amd64
policy:

# module{0}, config
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_mdb
olcModuleLoad: {1}memberof
olcModuleLoad: {2}refint
olcModuleLoad: {3}ppolicy

# {2}ppolicy, {1}mdb, config
dn: olcOverlay={2}ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {2}ppolicy
olcPPolicyDefault: cn=default_policies,ou=policies,dc=contatogs,dc=com,dc=br
olcPPolicyHashCleartext: TRUE
olcPPolicyUseLockout: FALSE
olcPPolicyForwardUpdates: FALSE

# contatogs-ppolicy, Policies, contatogs.com.br
dn: cn=contatogs-ppolicy,ou=Policies,dc=contatogs,dc=com,dc=br
objectClass: top
objectClass: person
objectClass: pwdPolicy
cn: contatogs-ppolicy
sn: policies
pwdAttribute: userPassword
pwdMinAge: 0
pwdInHistory: 6
pwdCheckQuality: 2
pwdMinLength: 8
pwdLockout: TRUE
pwdLockoutDuration: 1800
pwdMaxFailure: 3
pwdFailureCountInterval: 1800
pwdAllowUserChange: TRUE
pwdMaxRecordedFailure: 3

Using a simple ldapsearch with the correct user and password works fine. xxx is the correct password:

root@zeus:/usr/lib/python3/dist-packages# ldapsearch -xLLLZZD uid=pauloric,ou=users,dc=contatogs,dc=com,dc=br -w xxx |wc -l
10725

Using the wrong password (yyy):

root@zeus:/usr/lib/python3/dist-packages# ldapsearch -xLLLZZD uid=pauloric,ou=users,dc=contatogs,dc=com,dc=br -w yyy |wc -l
ldap_bind: Invalid credentials (49)
0

So far so good, but if I insert:

pwdMaxDelay: 40
pwdMinDelay: 4

The test with the correct password (xxx) is OK:

root@zeus:/usr/lib/python3/dist-packages# ldapsearch -xLLLZZD uid=pauloric,ou=users,dc=contatogs,dc=com,dc=br -w xxx |wc -l
10725

But if I test with a wrong password (yyy) I get:

root@zeus:/usr/lib/python3/dist-packages# ldapsearch -xLLLZZD uid=pauloric,ou=users,dc=contatogs,dc=com,dc=br -w yyy |wc -l
ldap_result: Can't contact LDAP server (-1)
0

My OpenLDAP stops working... Active: inactive (dead)

root@zeus:/usr/lib/python3/dist-packages# systemctl status -l slapd
○ slapd.service - LSB: OpenLDAP standalone server (Lightweight Director>
     Loaded: loaded (/etc/init.d/slapd; generated)
    Drop-In: /usr/lib/systemd/system/slapd.service.d
             └─slapd-remain-after-exit.conf
     Active: inactive (dead) since Tue 2023-04-04 14:44:49 -03; 20s ago
       Docs: man:systemd-sysv-generator(8)
    Process: 986673 ExecStart=/etc/init.d/slapd start (code=exited, sta>
    Process: 986688 ExecStop=/etc/init.d/slapd stop (code=exited, statu>
        CPU: 47ms

Apr 04 14:44:46 zeus slapd[986679]: auxpropfunc error invalid parameter>
Apr 04 14:44:46 zeus slapd[986679]: _sasl_plugin_load failed on sasl_au>
Apr 04 14:44:46 zeus slapd[986679]: ldapdb_canonuser_plug_init() failed>
Apr 04 14:44:46 zeus slapd[986679]: _sasl_plugin_load failed on sasl_ca>
Apr 04 14:44:46 zeus slapd[986680]: slapd starting
Apr 04 14:44:46 zeus slapd[986673]: ...done.
Apr 04 14:44:46 zeus systemd[1]: Started LSB: OpenLDAP standalone serve>
Apr 04 14:44:49 zeus slapd[986688]: * Stopping OpenLDAP slapd
Apr 04 14:44:49 zeus slapd[986688]: ...done.
Apr 04 14:44:49 zeus systemd[1]: slapd.service: Deactivated successfull

What am I doing wrong?

Cheers