Hi,

Did anyone manage to get the *ppolicy overlay* to work on the *consumers *?

The user gets the *pwdAccountLockedTime *attribute on the provider and the consumers. To validate this I use:

/[root@opennms ~]# //*ldapwhoami -x -e ppolicy -D "uid=user1,ou=People,ou=Country1,dc=example,dc=com" -w'password' -h ldap-master.example.com*//* *//*ldap_bind: Invalid credentials (49); Account locked*/

where *ldap-master.example.com* is the *provider*.

/[root@opennms ~]# //*ldapwhoami -x -e ppolicy -D "uid=user1,ou=People,ou=Country1,dc=example,dc=com" -w'password' -h ldap.example.ro*//* *//*dn:uid=user1,ou=People,ou=Country1,dc=example,dc=com*/

where *ldap.example.ro* is one of the *consumers*.

The same issue occurs also on expired passwords. On the consumer I've used *ppolicy_forward_updates* and that works like a charm.

Did I miss something vital in the configuration ?

Thx!