Hi,

Did anyone manage to get the ppolicy overlay to work on the consumers ?

The user gets the pwdAccountLockedTime attribute on the provider and the consumers. To validate this I use:

[root@opennms ~]# ldapwhoami -x -e ppolicy -D "uid=user1,ou=People,ou=Country1,dc=example,dc=com" -w'password' -h ldap-master.example.com
ldap_bind: Invalid credentials (49); Account locked

where ldap-master.example.com is the provider.

[root@opennms ~]# ldapwhoami -x -e ppolicy -D "uid=user1,ou=People,ou=Country1,dc=example,dc=com" -w'password' -h ldap.example.ro
dn:uid=user1,ou=People,ou=Country1,dc=example,dc=com

where ldap.example.ro is one of the consumers.

The same issue occurs also on expired passwords.
On the consumer I've used ppolicy_forward_updates and that works like a charm.

Did I miss something vital in the configuration ?

Thx!

-- 
Andrei BĂNARU
Internal Support
CCNA Security, CCIP
StreamWIDE Romania