Re: ppolicy and pwdGraceUseTime

Hi,

I think you are confusing between the password expiration and account lockout.

If your account is locked after several failed attempts to bind, you cannot modify your passwords.

Cheers.

Le 28/08/2015 18:37, Craig White a écrit :

Openldap 2.4.39

Adding in policy in already running OpenLDAP installation. Mostly functional – I was locked out after failed password attempts as expected.

Existing user with password beyond expiration is an issue. It is extended grace logins as expected but when I try to change the password, I get an error which appears to be “error 16 – modify/delete: pwdGraceUseTime: no such attribute”