2014-08-05 17:56 GMT+02:00 Bram Cymet <bcymet@cbnco.com>:

I am getting a little further with this.

I have added

pwdLockOut = TRUE
pwdMaxFialure = 5
pwdMinLength = 8

Now if I try to log in with the wrong password it add a pwdFailureTime
attribute to the user as expected and after 5 I can't bind as that user
anymore. Then if I reset the password the user can log in again. So at
least something with the policy is working.

When I change the password however it allows passwords with less then 8
characters and pwdReset is still not set on the user's entry.

Any thoughts on what might be happening?

Hi,

1/ Password policy is not applied on password modification if the operation is done with the manager account

2/ Password size or strength is not verified if password is sent in hashed form, you need to send cleartext password to be able to check it

3/ pwdReset is not set to TRUE automatically, you need to set it by hand.

Clément.