[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: problem with security ppolicy / solved by ->> 2.4.16

To: Evgeniy <evplus@yandex.ru>
Subject: Re: problem with security ppolicy / solved by ->> 2.4.16
From: Howard Chu <hyc@symas.com>
Date: Thu, 24 Sep 2009 12:03:48 -0700
Cc: openldap-software@openldap.org
In-reply-to: <644591253796564@webmail9.yandex.ru>
References: <138141253640763@webmail23.yandex.ru> <4ABA7FA8.9010203@symas.com> <644591253796564@webmail9.yandex.ru>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; rv:1.9.1b5pre) Gecko/20090909 SeaMonkey/2.0a1pre Firefox/3.0.3

Evgeniy wrote:

   downgrade to 2.4.16  solves  this problem.
thank you.
      	hopefully,   this bug will fixed in next  release...

There is no bug, pwdAccountLockedTime works as designed. It is explicitlychecked in test022 of the test suite so you can see for yourself that it workscorrectly.


Your configuration is wrong, therefore no lock is performed.

24.09.09, 00:06, "Howard Chu"<hyc@symas.com>:

Evgeniy wrote:

    hello

       OpenLdap 2.4.18.

Attribute "pwdAccountLockedTime" is set, but auth is still Ok . Why ? On

Ldap 2.3 it works normal - user don't auth after this date.
Most likely because of ITS#6168. The behavior prior to 2.4.17 did not conform
to the spec, and is fixed in 2.4.17 onward.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: problem with security ppolicy
  - From: Evgeniy <evplus@yandex.ru>

References:
- problem with security ppolicy
  - From: Evgeniy <evplus@yandex.ru>
- Re: problem with security ppolicy
  - From: Howard Chu <hyc@symas.com>
- Re: problem with security ppolicy / solved by ->> 2.4.16
  - From: Evgeniy <evplus@yandex.ru>

Prev by Date: chain-rebind-as-user (was: syncrepl, updateref, chain overlay and the authzTo attribute)
Next by Date: Re: problem with security ppolicy
Index(es):
- Chronological
- Thread