Fair enough. now I'm updated $ rpm -qa |grep openldap openldap-ltb-2.4.35-1.el6.x86_64 openldap-ltb-check-password-1.1-8.el6.x86_64
I dumped and reimported my database, and tried agian. I dont see any difference.
TESTS: RESULT:
pwdSafeModify: FALSE PASS: Message: LDAP password information update failed: Insufficient access. Must supply old password to be changed as well as new one pwdAllowUserChange: FALSE PASS: Message: LDAP password information update failed: Insufficient access. User alteration of password is not allowed pwdMaxAge: 300 Not Tested. pwdExpireWarning: 10 Not Tested. pwdInHistory: 3 FAIL: I can still flip between 2 passwords pwdMinLength: 12 FAIL: I can still set a 6 char password pwdMustChange: FAIL: I am not forced to change passwd. pwdMaxFailure: 2 FAIL: Still allowed in after 3 failures
Thanks, Dan
On Wed, Apr 10, 2013 at 11:57 AM, Clément OUDOT clem.oudot@gmail.comwrote:
2013/4/10 D C dc12078@gmail.com
Here are my results.. Any thoughts as to why this is not working? As for my ldap version, I'm using the version provided in CentOS 6. I would prefer to use these prepacked builds whenever possible. If there is an issue where this will not work on that version, then I'll go ahead and upgrade.
TESTS: RESULT: pwdSafeModify: FALSE PASS: Message: LDAP password information update failed: Insufficient access. Must supply old password to be changed as well as new one pwdAllowUserChange: FALSE PASS: Message: LDAP password information update failed: Insufficient access. User alteration of password is not allowed pwdMaxAge: 300 FAIL: Login still allowed after 300 seconds. pwdExpireWarning: 10 FAIL: No warning message pwdInHistory: 3 FAIL: I can still flip between 2 passwords pwdMinLength: 12 FAIL: I can still set a 6 char password pwdMustChange: FAIL: I am not forced to change passwd. pwdMaxFailure: 2 FAIL: Still allowed in after 6 failures
Other Info: pwdLockout: TRUE pwdLockoutDuration: 600
As Quanah said, your version is quite old with a lot of bugs on ppolicy. Upgrade to the latest version.
Clément.