
ppolicy password lockout

I am having trouble getting password lockout to work with OpenLDAP 2.3.32-0.27 on SLES 10 Service Pack 2.

I don't see any pwdFailureTime attributes ever show up for the user in question, and the password never locks after bad password attempts.

Below is what I've done so far to set this up (note: I have found no errors in any logs so far indicating that the overlay isn't working...). Any help would be greatly appreciated.

As per the ppolicy documentation on the web, I've added the following lines to my slapd.conf:

overlay ppolicy
ppolicy_default "cn=stdWebPPolicy,ou=Policies,ou=Config,dc=pjm,dc=com"

Also, here is the LDIF for my policy:

dn: cn=stdWebPPolicy,ou=Policies,ou=Config,dc=pjm,dc=com
cn: stdWebPPolicy
objectClass: pwdPolicy
objectClass: person
objectClass: top
pwdAllowUserChange: TRUE
pwdCheckQuality: 2
pwdExpireWarning: 600
pwdFailureCountInterval: 30
pwdGraceAuthNLimit: 5
pwdInHistory: 5
pwdLockout: TRUE
pwdLockoutDuration: 1800
pwdMaxAge: 0
pwdMaxFailure: 5
pwdMinAge: 0
pwdMinLength: 5
pwdMustChange: FALSE
pwdSafeModify: FALSE
sn: dummy value

And here is the user I am testing against:

dn: uid=testuser,ou=People,ou=Test,ou=External,dc=pjm,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: pwdPolicy
objectClass: posixAccount
uid: testuser
cn: testuser
givenName: Test
sn: User
pwdAttribute: userPassword
gidNumber: 123
homeDirectory: /home/testuser
uidNumber: 1234
userPassword: {SSHA}Lz+gz7+HomMnxxq1b+TZpgnxECEbfXs1