Hi there,
I have a problem with ppolicy and got stuck finding a solution.
I am using openldap-2.4.40-9 on Oracle 7.2, and the lock seems to be ignored.
This is what I have configured:

dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModuleLoad: ppolicy.la
olcModulePath: /usr/lib64/openldap

dn: olcOverlay=ppolicy,olcDatabase={2}hdb,cn=config
objectClass: olcPPolicyConfig
olcOverlay: ppolicy
olcPPolicyDefault: cn=ppolicy,ou=policies,dc=ddd
olcPPolicyUseLockout: TRUE
olcPPolicyHashCleartext: TRUE

dn: cn=ppolicy,ou=policies,dc=ddd
objectClass: top
objectClass: device
objectClass: pwdPolicyChecker
objectClass: pwdPolicy
cn: ppolicy
pwdAttribute: userPassword
pwdAllowUserChange: TRUE
pwdInHistory: 4
pwdMinLength: 8
pwdMaxFailure: 6
pwdFailureCountInterval: 1800
pwdCheckQuality: 1
pwdMustChange: TRUE
pwdGraceAuthNLimit: 3
pwdMaxAge: 3600
pwdExpireWarning: 31536000
pwdLockoutDuration: 900
pwdLockout: TRUE
pwdCheckModule: pwcheck.la

and I tried to add the attribute
pwdReset: TRUE
and
pwdAccountLockedTime: 20110214195250Z
in a specific user; however, the user is not locked and I am not even asked to change the password.
Here is what happens:
ldapwhoami -e ppolicy -x -D "uid=ldap001,ou=People,dc=ddd" -W -h localhost
Enter LDAP Password:
dn:uid=ldap001,ou=People,dc=ddd
Any idea what I should check?
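
An added example, not part of the original post: a Python sketch of how slapo-ppolicy weighs a pwdAccountLockedTime stamp against pwdLockoutDuration, run on the values posted above. The function names and the "now" timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Value documented in slapo-ppolicy(5) as "permanently locked".
PERMANENT_LOCK = "000001010000Z"


def parse_generalized_time(value):
    """Parse the YYYYmmddHHMMSSZ form used in the post (UTC only)."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def lock_state(locked_time, pwd_lockout, lockout_duration, now):
    """Return (locked, reason) for one entry under one policy.

    locked_time      -- pwdAccountLockedTime on the user entry, or None
    pwd_lockout      -- pwdLockout from the policy entry
    lockout_duration -- pwdLockoutDuration in seconds (0 = until admin unlock)
    now              -- evaluation time, timezone-aware UTC datetime
    """
    if not pwd_lockout:
        return False, "pwdLockout is FALSE, lockout not enforced"
    if locked_time is None:
        return False, "no pwdAccountLockedTime on the entry"
    if locked_time == PERMANENT_LOCK:
        return True, "permanent lock, admin must remove the attribute"
    if lockout_duration == 0:
        return True, "pwdLockoutDuration is 0, locked until admin unlock"
    expires = parse_generalized_time(locked_time) + timedelta(seconds=lockout_duration)
    if now < expires:
        return True, f"locked until {expires:%Y%m%d%H%M%SZ}"
    return False, f"lock expired at {expires:%Y%m%d%H%M%SZ}"


if __name__ == "__main__":
    # Policy values from the post: pwdLockout TRUE, pwdLockoutDuration 900.
    posted_stamp = "20110214195250Z"
    # Constructed evaluation times, not taken from the post.
    cases = {
        "ten minutes after the stamp": datetime(2011, 2, 14, 20, 2, 50, tzinfo=timezone.utc),
        "years after the stamp": datetime(2016, 1, 1, tzinfo=timezone.utc),
    }
    for label, now in cases.items():
        print(label, "->", lock_state(posted_stamp, True, 900, now))
    print("permanent value ->", lock_state(PERMANENT_LOCK, True, 900, cases["years after the stamp"]))
```

With a non-zero pwdLockoutDuration, a stamp older than that many seconds no longer counts as a lock; the documented permanent value or a duration of 0 is what keeps an account locked until an administrator intervenes.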