
Re: pwdAccountLockedTime and delta-syncrepl



On Thu, Oct 9, 2008 at 3:53 PM, Sam Tran <stlist@gmail.com> wrote:
> Dear All,
>
[snip]
>
> 2- Tried N bind attempts to *LDAP consumer* with N = pwdMaxFailure and
> wrong password. N pwdFailureTime attributes and one
> pwdAccountLockedTime attribute were added to the binding DN on
> consumer. As a result it was *not* possible to bind to the consumer
> using the correct password.
> Changing the password on the provider caused the pwdFailureTime
> attributes to be removed on the consumer. But the pwdAccountLockedTime
> attribute was still present in the binding DN on the consumer. As a
> result it was *still not* possible to bind to the consumer using the
> new password.
> Is this the expected behavior?
> I thought that changing the password on the provider would remove both
> the pwdFailureTime and pwdAccountLockedTime attributes on the
> consumer, thus allowing me to bind to the consumer.
>

Now it is becoming more confusing. I performed the same test #2. After
changing the password once on the provider, only the pwdFailureTime
attributes were deleted on the consumer. If I change the password a
second time on the provider, the pwdAccountLockedTime attribute on the
consumer gets deleted this time ...
Is this how it is supposed to work?

Any hints please?

Thanks.

--
Sam
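
A way to check the lockout state described in this message, added here as an example and not part of the original post: it parses the LDIF that ldapsearch prints for the same DN on the provider and on the consumer and reports where pwdFailureTime and pwdAccountLockedTime differ. The DN, timestamp and function names are constructed for illustration.

```python
import re

# Password policy state attributes named in the thread (operational attributes,
# so they must be requested by name or with "+" in ldapsearch).
STATE_ATTRS = ("pwdFailureTime", "pwdAccountLockedTime")

def parse_state(ldif):
    """Return {attr: sorted values} for the state attributes in one LDIF entry."""
    unfolded = re.sub(r"\r?\n ", "", ldif)        # join folded LDIF lines
    wanted = {a.lower(): a for a in STATE_ATTRS}  # attribute names are case-insensitive
    state = {a: [] for a in STATE_ATTRS}
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        key = wanted.get(name.strip().lower())
        if sep and key:
            state[key].append(value.strip())
    return {a: sorted(v) for a, v in state.items()}

def lockout_drift(provider_ldif, consumer_ldif):
    """List differences in lockout state for the same DN on both servers."""
    prov, cons = parse_state(provider_ldif), parse_state(consumer_ldif)
    findings = []
    for attr in STATE_ATTRS:
        if prov[attr] != cons[attr]:
            findings.append(f"{attr}: provider has {len(prov[attr])} value(s), "
                            f"consumer has {len(cons[attr])}")
    # The state reported after the first password change on the provider.
    if cons["pwdAccountLockedTime"] and not cons["pwdFailureTime"]:
        findings.append("consumer still locked although its failure times are cleared")
    return findings

# Constructed sample entries (hypothetical DN and timestamp), in the form printed by
#   ldapsearch -x -H <uri> -b <dn> -s base pwdFailureTime pwdAccountLockedTime
PROVIDER_LDIF = """dn: uid=jdoe,ou=people,dc=example,dc=com
"""
CONSUMER_LDIF = """dn: uid=jdoe,ou=people,dc=example,dc=com
pwdAccountLockedTime: 20081009195300Z
"""

if __name__ == "__main__":
    for finding in lockout_drift(PROVIDER_LDIF, CONSUMER_LDIF):
        print(finding)
```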