Hi there,
I have a problem with ppolicy and got stuck finding a solution. I am using openldap-2.4.40-9 on Oracle 7.2; the lock seems to be ignored.

This is what I have configured:

dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModuleLoad: ppolicy.la
olcModulePath: /usr/lib64/openldap

dn: olcOverlay=ppolicy,olcDatabase={2}hdb,cn=config
objectClass: olcPPolicyConfig
olcOverlay: ppolicy
olcPPolicyDefault: cn=ppolicy,ou=policies,dc=ddd
olcPPolicyUseLockout: TRUE
olcPPolicyHashCleartext: TRUE

dn: cn=ppolicy,ou=policies,dc=ddd
objectClass: top
objectClass: device
objectClass: pwdPolicyChecker
objectClass: pwdPolicy
cn: ppolicy
pwdAttribute: userPassword
pwdAllowUserChange: TRUE
pwdInHistory: 4
pwdMinLength: 8
pwdMaxFailure: 6
pwdFailureCountInterval: 1800
pwdCheckQuality: 1
pwdMustChange: TRUE
pwdGraceAuthNLimit: 3
pwdMaxAge: 3600
pwdExpireWarning: 31536000
pwdLockoutDuration: 900
pwdLockout: TRUE
pwdCheckModule: pwcheck.la

I tried to add the attributes pwdReset: TRUE and pwdAccountLockedTime: 20110214195250Z to a specific user; however, the user is not locked and I am not even asked to change the password.

Here is what happens:

ldapwhoami -e ppolicy -x -D "uid=ldap001,ou=People,dc=ddd" -W -h localhost
Enter LDAP Password:
dn:uid=ldap001,ou=People,dc=ddd

Any idea what I should check?

openldap-technical@openldap.org
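
Added example, not part of the original post or of OpenLDAP: a small Python check of how the posted pwdAccountLockedTime and pwdLockoutDuration values combine under the lockout rules documented in slapo-ppolicy(5) (a timed lock lapses after pwdLockoutDuration seconds, a duration of 0 holds until an administrator resets it, and 000001010000Z marks a permanent lock). The function names and the evaluation time are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Value slapo-ppolicy(5) documents for a permanent, administrator-only lock.
PERMANENT_LOCK = "000001010000Z"


def parse_generalized_time(value):
    """Parse the YYYYmmddHHMMSSZ form used in the post (UTC only)."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def lock_state(pwd_lockout, locked_time, lockout_duration, now):
    """Return (state, unlock_time) for one user entry.

    pwd_lockout      -- pwdLockout from the policy entry (bool)
    locked_time      -- pwdAccountLockedTime from the user entry, or None
    lockout_duration -- pwdLockoutDuration in seconds (0 = until admin reset)
    now              -- timezone-aware evaluation time (hypothetical parameter)
    """
    if not pwd_lockout or locked_time is None:
        return ("not_locked", None)
    if locked_time == PERMANENT_LOCK:
        # Year 0000 cannot be parsed as a datetime, so test the sentinel first.
        return ("locked_permanent", None)
    if lockout_duration == 0:
        return ("locked_until_admin_reset", None)
    unlock = parse_generalized_time(locked_time) + timedelta(seconds=lockout_duration)
    if now >= unlock:
        return ("lock_expired", unlock)
    return ("locked", unlock)


if __name__ == "__main__":
    # Values taken from the post; the evaluation time is constructed.
    now = datetime(2016, 1, 1, tzinfo=timezone.utc)
    for value in ("20110214195250Z", PERMANENT_LOCK):
        state, unlock = lock_state(True, value, 900, now)
        print(value, "->", state, unlock.isoformat() if unlock else "")
```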