[Date Prev][Date Next] [Chronological] [Thread] [Top]

ppolicy overlay password problem

To: <OpenLDAP-software@OpenLDAP.org>
Subject: ppolicy overlay password problem
From: "Baoning Pan" <bpan@net2phone.com>
Date: Mon, 7 Nov 2005 18:08:40 -0500
Content-class: urn:content-classes:message
Thread-index: AcXj8BSQPubtu+BhRYuZXmJncbr4nw==
Thread-topic: ppolicy overlay password problem

Hi,

I need help on ppolicy as this is the first time I try to use it for company internal use.  I search the mail listing and web and cannot find same problem.  

I compiled openldap 2.3.11 on Solaris 8, with bdb.4.3.29 and openssl.0.9.7g.  First I started slapd without ppolicy, and things works fine.  Then, I added ppolicy overlay/schema.  slapd started/loaded fine.  But I get big problem with user password, user can login with "ANY WORD" as its password even though I can see new "pwdFailureTime" entry is added to ldap db for that user.  

Thanks.


Here are the ppolicy related entries/ldif for my slapd.conf

include         /usr/local/openldap/etc/openldap/schema/ppolicy.schema
overlay         ppolicy
ppolicy_default "cn=Standard Policy,ou=Policies,dc=n2p,dc=com"
ppolicy_use_lockout


dn: ou=Policies,dc=n2p,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Policies
structuralObjectClass: organizationalUnit

dn: cn=Standard Policy,ou=Policies,dc=n2p,dc=com
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: Standard Policy
pwdAttribute: userPassword
pwdLockoutDuration: 120
pwdInHistory: 5
pwdCheckQuality: 2
pwdExpireWarning: 86400
pwdMaxAge: 864000
pwdMinLength: 5
pwdGraceAuthNLimit: 5
pwdAllowUserChange: TRUE
pwdMustChange: FALSE
pwdMaxFailure: 3
pwdFailureCountInterval: 120
pwdSafeModify: FALSE
structuralObjectClass: device

Follow-Ups:
- Re: ppolicy overlay password problem
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: "threads" directive OpenLDAP 2.0.* & 2.1.*
Next by Date: Re: ppolicy overlay password problem
Index(es):
- Chronological
- Thread