[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4134) pwdFailureTime entries not deleted after successful BIND



On Thu, 2005-11-03 at 11:56 -0800, Howard Chu wrote:
> stran@amnh.org wrote:
> > However if I intentionally failed a bind once and then do a successful
> > bind, the pwdFailureTime is not deleted as described in man
> > slapo-ppolicy.
> >   
> That works for me, has been working for a long time. Try running slapd 
> with debug -d7 and do the binds. You should see an internal modify 
> operation with each bind, to update these attributes. Make sure they end 
> with "send_ldap_result: err=0" or find out what error they're getting, 
> if any.

Howard,

I found out what the problem was: the P-Synch third party plugin was
modifying the ppolicy behavior. This plugin detects a password change,
check the password strength and then do the password update.

I guess that I should not use it anymore ...

Without the plugin pwdFailureTime is deleted after a successful bind.

Thanks for your help.

--
Sam