Which OpenLDAP version?
You can search for the message in source file servers/slapd/overlays/ppolicy.c
Reading the comment setting warn = 0 should not happen.
Does uid=testuser,ou=domain,dc=org really have a correct 'pwdChanged' attribute value?
Ciao, Michael.
Ulrich Windl wrote:
Hi!
Can someone explain what this message is actually saying: slapd[3990]: ppolicy_bind: Setting warning for password expiry for uid=testuser,ou=domain,dc=org = 0 seconds
Does this mean a user who mistyped his password before logged in successfully now?
I saw no change to the LDAP database after this message, so what is changed, and where is it cahnged? Also those "0 seconds" don't match my password policy, which looks like this (still testing):
-- objectClass: namedObject objectClass: pwdPolicy cn: PP-Default pwdAttribute: userPassword pwdMinAge: 30 pwdMaxAge: 86400000 pwdInHistory: 3 pwdCheckQuality: 1 pwdMinLength: 8 pwdExpireWarning: 604800 pwdGraceAuthNLimit: 5 pwdLockout: TRUE pwdLockoutDuration: 1800 pwdMaxFailure: 10 pwdFailureCountInterval: 1209600 pwdMustChange: TRUE pwdAllowUserChange: TRUE pwdSafeModify: FALSE --
I'm running SLES11 SP3...
Regards, Ulrich