[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Ldap password policy not throwing different errors
Am Sun, 5 Jan 2014 15:13:51 +0000
schrieb Idan Fridman <idanf@cellebrite.com>:
>
> Hi,
>
> I use ppolicy overlay and enabled ppolicy_use_lockout to separate
> between invalid password and locked accounts.
>
> database bdb
> suffix "dc=openiam,dc=com"
> rootdn "cn=Manager,dc=openiam,dc=com"
> rootpw "{SSHA}2ttRoo/t5HuMT2nPxtI6goVUML5R2H9h"
> # PPolicy Configuration
> overlay ppolicy
> ppolicy_default "cn=default,ou=policies,dc=openiam,dc=com"
> ppolicy_use_lockout
> ppolicy_hash_cleartext
>
> I tried to lock user account by entering wrong password couple of
> times (pwdMaxFailure)
>
> The user is being locked but when I try to login again I still get
> the same error:
>
> Invalid credentials (49)
>
> Any idea why i am not getting diffrent error to disticnt between the
> cases?
1. there is no appropriate result message for password policy. RFC 4511
Section 4.1.9 defines all result messages and Appendix A provides in
brief a general description.
2. In your particular case result 49 is a substitution in order to
prevent an unauthorized disclosure.
-Dieter
--
Dieter KlÃnter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53Â37'09,95"N
10Â08'02,42"E