I want to use "pwdAccountLockedTime" attribute to automatically lock an account using OpenLDAP (v.2.5.14). Whatever the value in the field, the account is never locked.
I first started by activating the "ppolicy" module using slapadd and a ppolicy-module.ldif file suh as mentioned here "https://stackoverflow.com/questions/49257247/how-to-activate-ppolicy-module-in-openldap", then I have checked that the module is loaded and I did not have any problem:
$ sudo slapcat -n 0 | grep olcModuleLoad | grep ppolicy
olcModuleLoad: {0}ppolicy
Then, I have extended the LDAP scheme to allow using of ppolicy attributes such as "pwdAccountLockedTime". I have set it to "00000101000000Z" in order to lock permanently an account (to check if it was working). But I still can connect (using LDAP Admin tools) with the account that was supposed to be locked.
We also tried to modify the value
dn: uid=...
replace: pwdAccountLockedTime
pwdAccountLockedTime: 20221021135537Z
And even with dates in the future, but we are still able to
connect. With whoami command, or from a SOGo webmail connected
to the LDAP server.
Thank in advance for your help.
Best
Damien