[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap bind and password policy

On Monday, 5 July 2010 08:35:02 Christian Bösch wrote:
> now i have tested this and got the following conclusion:
> ppolicy_forward TRUE on the consumer:
> everything is well synced
> ldapsearch on the consumer with wrong binding password gets search results.
> not so on the provider. here i get ldap_bind: Invalid credentials (49)

So, the new feature does not seem to work correctly. Has someone filed an ITS?

> ppolicy_forward FALSE on the consumer:
> ldapsearch with wrong password results on both machines in invalid
>  credentials. i'm wondering that pwdHistory is synced well however...

pwdHistory can only be updated on the provider, so this is not a concern.

> pwdFailureTime is only synced from provider to consumer. if failed
>  authentication takes place on the consumer, then pwdFailureTime is added
>  only on the consumer locally which is a problem if i want to use lockout.

This is the same as the behaviour prior to this feature. There are