Hi,
I'm trying to configure ppolicy but It's not working when I set pwdMaxAge and pwdWarning (I am able to login when my password is suppose to be expired) I tried with shadowAccount instead of PwdPolicy and It is working well.
This is my relevant setting in slapd.conf
include /etc/openldap/schema/ppolicy.schema
moduleload ppolicy.la
overlay ppolicy ppolicy_default "cn=default,ou=policies,dc=sample,dc=com" ppolicy_use_lockout
My ldip file is:
objectClass: organizationalUnit objectClass: top ou: policies
dn: cn=default,ou=policies,dc=sample,dc=com objectClass: pwdPolicy objectClass: person objectClass: top cn: default pwdAttribute: userPassword sn: dummy pwdAllowUserChange: TRUE pwdCheckQuality: 2 pwdExpireWarning: 50 pwdFailureCountInternal: 30 pwdGraceAuthNLimit: 5 pwdInHistory: 5 pwdLockout: FALSE pwdLockDuration:0 pwdMaxAge: 60 pwdMaxAge: 0 pwdMaxFailure: 5 pwdMinAge: 0 pwdMinLenght: 5 pwdMustChange: FALSE pwdSafeModify: FALSE
dn: cn=user1,ou=policies,dc=sample,dc=com objectClass: pwdPolicy objectClass: person objectClass: top objectClass: posixAccount objectClass: pwdPolicy objectClass: shadowAccount cn: user1 pwdAttribute: userPassword gidNumber: 501 homeDirectory: /home/user1 sn: test uid: user1 uidNumber: 501 pwdAllowUserChange: TRUE pwdAge: 20 pwdExpireWarning: 15 userPassword: XXXXX
Thanks in advance!