
ppolicy (how to get hands on the password policy response)



I have enabled pwdMaxAge and the ppolicy correctly locks an account if
the password's age is older than the given definition.
But when I bind to an account with an expired password I only get the
regular InvalidCredentials response. I want to be able to give the
user a more descriptive error message (like: Your password has
expired).

I have enabled ppolicy_use_lockout, but how can I get hands on the
password policy response?

The following log entries occur when I try to bind to an account with
a password which is about to expire / has expired:
Jan 13 13:24:57 foobar slapd[72391]: ppolicy_bind: Setting warning for
password expiry for uid=foobar,cn=Users,dc=foo,dc=bar = 89129 seconds
...
Jan 13 13:47:32 foobar slapd[72391]: ppolicy_bind: Entry
uid=foobar,cn=Users,dc=foo,dc=bar has an expired password: -1 grace
logins

Thanks in advance
Jørgen Løkke