[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5648) ppolicy controls entries without objectclass pwdPolicy

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5648) ppolicy controls entries without objectclass pwdPolicy
From: dieter@dkluenter.de
Date: Fri, 8 Aug 2008 15:14:34 GMT

Michael Ströder <michael@stroeder.com> writes:

> dieter@dkluenter.de wrote:
>> man slapo-ppolicy(5) says that the overlay depends on objectclass pwdPolicy and
>> Every  account that should be subject to password policy control should have
>> pwdPolicySubentry...
>> But ppolicy is controlling every enty, even those without attribute pwdPolicy
>> and attribute pwdPolicySubentry.
>> I have created a test entry, which is not subject to password policy but got
>> locked out after 3 binds with wrong password.
>
> Do you have 'ppolicy_default' set in slapd.conf?
> What happens if you remove that?

Yes, I do have
ppolicy_default "cn=user,cn=policies,o=avci,c=de"
but this should only be applicable if the entry belongs to
objectclass pwdPolicy but not without objectclass pwdPolicy
declaration. 

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
53°08'09,95"N
10°08'02,42"E

Prev by Date: Re: (ITS#5648) ppolicy controls entries without objectclass pwdPolicy
Next by Date: Re: (ITS#5648) ppolicy controls entries without objectclass pwdPolicy
Index(es):
- Chronological
- Thread