[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy help

To: sphe@loc.gov
Subject: Re: ppolicy *help*
From: "Joshua M. Miller" <joshua@itsecureadmin.com>
Date: Tue, 14 Aug 2007 06:23:45 -0700
Cc: openldap-software@openldap.org
In-reply-to: <46C0CC66.5020908@loc.gov>
References: <46C0CC66.5020908@loc.gov>
User-agent: Thunderbird 2.0.0.5 (X11/20070719)

Please note that the pwdLockoutDuration is in seconds...so if you get locked out, it's only for 15 seconds in your case. You may want to increase this value to something like 15 minutes (900 seconds) for testing.

HTH,
--
Joshua M. Miller - RHCE,VCP


Scott Phelps wrote:


* defaultPolicy.ldif
========================
dn: cn=defaultPolicy,ou=policies,#####SECRET######
cn: defaultPolicy
objectClass: organizationalRole
objectClass: pwdPolicy
objectClass: top
pwdLockout: TRUE
pwdMaxFailure: 3
pwdAttribute: userPassword
pwdGraceAuthNLimit: 3
pwdLockoutDuration: 15
pwdAllowUserChange: TRUE

So with this all in place I get no errors starting slapd (the module
gets loaded.)  I run the following command 4 times:
ldapsearch -P 3 -x  -LLL -e ppolicy -D
"uid=ppolictest,ou=people,#####SECRET######" -W "(objectclass=*)"
Entering an incorrect password each time, however the account never gets
locked out and the operational attributes never change.

References:
- ppolicy *help*
  - From: Scott Phelps <sphe@loc.gov>

Prev by Date: Re: preserve value order with referential integrity overlay?
Next by Date: Re: preserve value order with referential integrity overlay?
Index(es):
- Chronological
- Thread

Re: ppolicy *help*

Re: ppolicy help