[Date Prev][Date Next]
Re: (ITS#4134) pwdFailureTime entries not deleted after successful BIND
On Thu, 2005-11-03 at 11:56 -0800, Howard Chu wrote:
> firstname.lastname@example.org wrote:
> > However if I intentionally failed a bind once and then do a successful
> > bind, the pwdFailureTime is not deleted as described in man
> > slapo-ppolicy.
> That works for me, has been working for a long time. Try running slapd
> with debug -d7 and do the binds. You should see an internal modify
> operation with each bind, to update these attributes. Make sure they end
> with "send_ldap_result: err=0" or find out what error they're getting,
> if any.
I found out what the problem was: the P-Synch third party plugin was
modifying the ppolicy behavior. This plugin detects a password change,
check the password strength and then do the password update.
I guess that I should not use it anymore ...
Without the plugin pwdFailureTime is deleted after a successful bind.
Thanks for your help.