[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#5648) ppolicy controls entries without objectclass pwdPolicy

Full_Name: Dieter Kluenter
Version: 2.4.11
OS: openSUSE-11.0
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

man slapo-ppolicy(5) says that the overlay depends on objectclass pwdPolicy and
Every  account that should be subject to password policy control should have
But ppolicy is controlling every enty, even those without attribute pwdPolicy
and attribute pwdPolicySubentry.
I have created a test entry, which is not subject to password policy but got
locked out after 3 binds with wrong password.

dn: cn=pw tester,o=avci,c=de
cn: pw tester
createTimestamp: 20080808132851Z
creatorsName: cn=admin,o=avci,c=de
description: Password Tester
entryCSN: 20080808132851.203028Z#000000#000#000000
entryDN: cn=pw tester,o=avci,c=de
entryUUID: af06a7e2-f999-102c-8d8e-df96a2a401d4
hasSubordinates: FALSE
modifiersName: cn=admin,o=avci,c=de
modifyTimestamp: 20080808132851Z
objectClass: person
pwdAccountLockedTime: 20080808133126Z
pwdChangedTime: 20080808132851Z
pwdFailureTime: 20080808133058Z
pwdFailureTime: 20080808133109Z
pwdFailureTime: 20080808133126Z
sn: tester
structuralObjectClass: person
subschemaSubentry: cn=Subschema
userPassword: tested