[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4134) pwdFailureTime entries not deleted after successful BIND

stran@amnh.org wrote:
> Just built and installed HEAD.
> After 'pwdMaxFailure' failed binds the user account is locked. Resetting
> the password deletes the attributes pwdAccountLockedTime and
> pwdFailureTime.
OK, good.

> However if I intentionally failed a bind once and then do a successful
> bind, the pwdFailureTime is not deleted as described in man
> slapo-ppolicy.
That works for me, has been working for a long time. Try running slapd 
with debug -d7 and do the binds. You should see an internal modify 
operation with each bind, to update these attributes. Make sure they end 
with "send_ldap_result: err=0" or find out what error they're getting, 
if any.

  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/