Hi all,

we'd like to use the ppolicy overlay to implement password locking after a certain number of bind failures. Sadly ppolicy does not distinguish between failures with different passwords (probably a dictionary attack) and failures with the same password (a client using an old, expired password). This would easily lead to locking out users shortly after password change.

I read that Zytrax has developed for Mozilla a modified version of ppolicy: http://www.zytrax.com/books/ldap/ch6/ppolicy.html which can distinguish between unique and repeated passwords. The page states the modified mozilla-ppolicy is available for openldap 2.4.11 and 2.4.16.

Has anyone tried it with a newer version of openldap? Is it working?

Thank you in advance,
Stefano
openldap-technical@openldap.org