[Date Prev][Date Next]
Re: ldap bind and password policy
On Monday, 5 July 2010 08:35:02 Christian Bösch wrote:
> now i have tested this and got the following conclusion:
> ppolicy_forward TRUE on the consumer:
> everything is well synced
> ldapsearch on the consumer with wrong binding password gets search results.
> not so on the provider. here i get ldap_bind: Invalid credentials (49)
So, the new feature does not seem to work correctly. Has someone filed an ITS?
> ppolicy_forward FALSE on the consumer:
> ldapsearch with wrong password results on both machines in invalid
> credentials. i'm wondering that pwdHistory is synced well however...
pwdHistory can only be updated on the provider, so this is not a concern.
> pwdFailureTime is only synced from provider to consumer. if failed
> authentication takes place on the consumer, then pwdFailureTime is added
> only on the consumer locally which is a problem if i want to use lockout.
This is the same as the behaviour prior to this feature. There are