We'd like to use the ppolicy overlay to implement password locking after
a certain number of bind failures. Sadly, ppolicy does not distinguish
between failures with different passwords (probably a dictionary attack) and
failures with the same password (a client using an old, expired password).
This would easily lead to locking out users shortly after a password change.
I read that Zytrax has developed for Mozilla a modified version of ppolicy:
which can distinguish between unique and repeated passwords.
The page states the modified mozilla-ppolicy is available for OpenLDAP
2.4.11 and 2.4.16.
Has anyone tried it with a newer version of OpenLDAP? Is it working?
Thank you in advance,
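
The distinction asked about above, as an added example that is not part of the original post and is not the mozilla-ppolicy code: a failure counter that can count either every failed bind or only distinct wrong passwords per user. The function names, the event tuple format, the keyed-hash fingerprint and the sample events are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def fingerprint(key, user, password):
    """Keyed hash of a failed password, so the history never stores it in clear."""
    return hmac.new(key, f"{user}\0{password}".encode(), hashlib.sha256).digest()


def locked_users(events, limit=3, unique_only=True):
    """Replay (user, password, ok) bind events and return the locked users.

    unique_only=False counts every failed bind.
    unique_only=True counts only distinct wrong passwords, so a client
    replaying one stale password never advances past 1.
    """
    key = os.urandom(32)   # per-run key: fingerprints are useless outside this process
    failures = {}          # user -> list of fingerprints of failed passwords
    locked = set()
    for user, password, ok in events:
        if user in locked:
            continue       # a locked account rejects further binds
        if ok:
            failures.pop(user, None)   # assumption: success clears the history
            continue
        history = failures.setdefault(user, [])
        history.append(fingerprint(key, user, password))
        counted = len(set(history)) if unique_only else len(history)
        if counted >= limit:
            locked.add(user)
    return locked


# Constructed sample: alice's mail client retries an expired password five
# times; bob's account receives three different guesses.
SAMPLE_EVENTS = (
    [("alice", "old-pass", False)] * 5
    + [("bob", guess, False) for guess in ("guess1", "guess2", "guess3")]
)

if __name__ == "__main__":
    print("count every failure:   ", sorted(locked_users(SAMPLE_EVENTS, 3, False)))
    print("count unique passwords:", sorted(locked_users(SAMPLE_EVENTS, 3, True)))
```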