
ppolicy overlay password problem


I need help with ppolicy, as this is the first time I have tried to use it for company internal use. I searched the mailing list and the web and cannot find the same problem.

I compiled openldap 2.3.11 on Solaris 8, with bdb.4.3.29 and openssl.0.9.7g. First I started slapd without ppolicy, and things worked fine. Then I added the ppolicy overlay/schema. slapd started/loaded fine. But I get a big problem with user passwords: a user can log in with "ANY WORD" as the password, even though I can see a new "pwdFailureTime" entry is added to the ldap db for that user.


Here are the ppolicy related entries/ldif for my slapd.conf

include         /usr/local/openldap/etc/openldap/schema/ppolicy.schema
overlay         ppolicy
ppolicy_default "cn=Standard Policy,ou=Policies,dc=n2p,dc=com"

dn: ou=Policies,dc=n2p,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Policies
structuralObjectClass: organizationalUnit

dn: cn=Standard Policy,ou=Policies,dc=n2p,dc=com
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: Standard Policy
pwdAttribute: userPassword
pwdLockoutDuration: 120
pwdInHistory: 5
pwdCheckQuality: 2
pwdExpireWarning: 86400
pwdMaxAge: 864000
pwdMinLength: 5
pwdGraceAuthNLimit: 5
pwdAllowUserChange: TRUE
pwdMustChange: FALSE
pwdMaxFailure: 3
pwdFailureCountInterval: 120
pwdSafeModify: FALSE
structuralObjectClass: device
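
Added example, not part of the original post: a small lint over the posted policy entry that checks whether the lockout attributes it sets are switched on. It assumes the draft-behera password policy semantics, in which pwdMaxFailure and pwdLockoutDuration only take effect when pwdLockout is TRUE; the function names are hypothetical, and the check is separate from the bind behaviour reported above.

```python
# Added example: flag lockout attributes in a pwdPolicy entry that cannot take effect.
# POLICY_LDIF is abridged from the post; parse_entry/lint_lockout are hypothetical names.
POLICY_LDIF = """\
dn: cn=Standard Policy,ou=Policies,dc=n2p,dc=com
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: Standard Policy
pwdAttribute: userPassword
pwdLockoutDuration: 120
pwdMaxFailure: 3
pwdFailureCountInterval: 120
"""

def parse_entry(ldif):
    """Parse one simple LDIF entry (no base64 values, no continuation lines)
    into a dict of lower-cased attribute name -> list of values."""
    entry = {}
    for line in ldif.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("not an 'attr: value' line: %r" % line)
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def lint_lockout(entry):
    """Return findings for lockout settings that will not be enforced."""
    classes = [v.lower() for v in entry.get("objectclass", [])]
    if "pwdpolicy" not in classes:
        return ["entry is not a pwdPolicy object"]
    findings = []
    # An absent pwdLockout is treated the same as FALSE.
    lockout = entry.get("pwdlockout", ["FALSE"])[0].upper() == "TRUE"
    max_failure = int(entry.get("pwdmaxfailure", ["0"])[0])
    if not lockout:
        for attr in ("pwdmaxfailure", "pwdlockoutduration"):
            if attr in entry:
                findings.append(attr + " is set but pwdLockout is not TRUE")
    elif max_failure == 0:
        findings.append("pwdLockout is TRUE but pwdMaxFailure is 0 or absent")
    return findings

if __name__ == "__main__":
    for finding in lint_lockout(parse_entry(POLICY_LDIF)):
        print("WARN:", finding)
```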