
Enforcing Password Policy - Testing Lockout

  Currently I'm using Symas OpenLDAP 2.4.12. It internally uses OpenLDAP 2.4.12 software.
  I'm able to populate users in the OpenLDAP database. The following is the LDIF file I'm using:
dn: dc=crmsldap,dc=company
dc: crmsldap
objectClass: dcObject
objectClass: organization
o: My company

dn: ou=group,dc=crmsldap,dc=company
objectClass: top
objectClass: organizationalUnit
ou: group

dn: ou=people,dc=crmsldap,dc=company
objectClass: top
objectClass: organizationalUnit
ou: people

dn: ou=policies,dc=crmsldap,dc=company
objectClass: top
objectClass: organizationalUnit
ou: policies

dn: cn=default,ou=policies,dc=crmsldap,dc=company
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: default
pwdMinLength: 2
pwdMaxFailure: 2
pwdLockout: TRUE
pwdCheckQuality: 2
pwdExpireWarning: 600
pwdGraceAuthNLimit: 2
pwdInHistory: 2
pwdLockoutDuration: 0
pwdSafeModify: FALSE

dn: cn=admin,ou=group,dc=crmsldap,dc=company
objectClass: top
objectClass: posixGroup
gidNumber: 100

dn: uid=admin,ou=people,dc=crmsldap,dc=company
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn:  administrator
sn:  Administrator
uid: admin
userPassword: admin
uidNumber: 1000
gidNumber: 100
homeDirectory: /home/admin

I have made all necessary changes to the slapd.conf file.

Even after I give the wrong password 10 times, if I give the right password on the 11th attempt I'm able to log in to OpenLDAP...

Can somebody explain what is wrong in my LDIF file...
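
An added example, not part of the original post and not code from the OpenLDAP project: a small Python lint that parses an LDIF like the one above and flags a pwdPolicy entry that lacks pwdAttribute (a MUST attribute of the pwdPolicy object class) and any entry whose RDN value is not also present as an attribute. The function names and the embedded sample (constructed from two entries of the post) are assumptions for illustration.

```python
# Constructed sample mirroring the policy and group entries from the post.
SAMPLE_LDIF = """\
dn: cn=default,ou=policies,dc=crmsldap,dc=company
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: default
pwdMaxFailure: 2
pwdLockout: TRUE
pwdLockoutDuration: 0

dn: cn=admin,ou=group,dc=crmsldap,dc=company
objectClass: top
objectClass: posixGroup
gidNumber: 100
"""

def parse_ldif(text):
    """Parse simple (unfolded, non-base64) LDIF into a list of (dn, attrs)."""
    entries = []
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries.append((attrs.pop("dn")[0], attrs))
    return entries

def lint(entries):
    """Return (dn, finding) pairs; hypothetical helper, single-valued RDNs only."""
    findings = []
    for dn, attrs in entries:
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        # The pwdPolicy object class lists pwdAttribute as a MUST attribute.
        if "pwdpolicy" in classes and "pwdattribute" not in attrs:
            findings.append((dn, "pwdPolicy entry has no pwdAttribute"))
        # The RDN value must also appear as an attribute value in the entry.
        rdn_attr, _, rdn_val = dn.split(",", 1)[0].partition("=")
        present = [v.lower() for v in attrs.get(rdn_attr.lower(), [])]
        if rdn_val.lower() not in present:
            findings.append((dn, "RDN attribute %s=%s missing from entry" % (rdn_attr, rdn_val)))
    return findings

if __name__ == "__main__":
    for dn, finding in lint(parse_ldif(SAMPLE_LDIF)):
        print("%s: %s" % (dn, finding))
```

A clean LDIF result only covers the data side: lockout is enforced by the ppolicy overlay, so it also has to be loaded and pointed at the policy entry in slapd.conf.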