Re: Ldap password policy not throwing different errors

5 Jan 2014


      Am Sun, 5 Jan 2014 15:13:51 +0000
schrieb Idan Fridman idanf@cellebrite.com:
...
Hi,
I use ppolicy overlay and enabled ppolicy_use_lockout to separate
between invalid password and locked accounts.
database    bdb
suffix      "dc=openiam,dc=com"
rootdn      "cn=Manager,dc=openiam,dc=com"
rootpw      "{SSHA}2ttRoo/t5HuMT2nPxtI6goVUML5R2H9h"
# PPolicy Configuration
overlay ppolicy
ppolicy_default "cn=default,ou=policies,dc=openiam,dc=com"
ppolicy_use_lockout
ppolicy_hash_cleartext


I tried to lock user account by entering wrong password couple of
times (pwdMaxFailure)
The user is being locked but when I try to login again I still get
the same error:
Invalid credentials (49)
Any idea why i am not getting diffrent error to disticnt between the
cases?
1. there is no appropriate result message for password policy. RFC 4511
Section 4.1.9  defines all result messages and Appendix A provides in
brief a general description.  
2. In your particular case result 49 is a substitution in order to
prevent an unauthorized disclosure.
-Dieter
-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Re: Ldap password policy not throwing different errors