
Re: Ldap password policy not throwing different errors



On 01/05/2014 09:30 PM, Idan Fridman wrote:
Hi,
So how will you distinguish between the cases? How will a user or admin be
able to know whether that user is blocked?

Read draft-behera-ldap-password-policy. Additional ppolicy info is in the value of the control response, if any. A detailed description is provided in the draft (Section 9.1, AFAIR).

p.


Thanks,
Idan.

----- Reply message -----
From: "Dieter Klünter" <dieter@dkluenter.de>
To: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: Ldap password policy not throwing different errors
Date: Sun, Jan 5, 2014 21:33

On Sun, 5 Jan 2014 15:13:51 +0000,
Idan Fridman <idanf@cellebrite.com> wrote:


Hi,

I use the ppolicy overlay and enabled ppolicy_use_lockout to distinguish
between invalid passwords and locked accounts.

    database    bdb
    suffix      "dc=openiam,dc=com"
    rootdn      "cn=Manager,dc=openiam,dc=com"
    rootpw      "{SSHA}2ttRoo/t5HuMT2nPxtI6goVUML5R2H9h"
    # PPolicy Configuration
    overlay ppolicy
    ppolicy_default "cn=default,ou=policies,dc=openiam,dc=com"
    ppolicy_use_lockout
    ppolicy_hash_cleartext

I tried to lock a user account by entering a wrong password a couple of
times (pwdMaxFailure).

The user is being locked, but when I try to log in again I still get
the same error:

Invalid credentials (49)

Any idea why I am not getting a different error to distinguish between the
cases?

1. There is no appropriate result message for password policy. RFC 4511
Section 4.1.9 defines all result messages and Appendix A provides in
brief a general description.
2. In your particular case result 49 is a substitution in order to
prevent an unauthorized disclosure.


-Dieter

--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E



--
Pierangelo Masarati
Associate Professor
Dipartimento di Scienze e Tecnologie Aerospaziali
Politecnico di Milano
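Pierangelo's point about the control response value, as an added example that is not part of the thread: a small Python decoder for the PasswordPolicyResponseValue (draft-behera-ldap-password-policy) that a client receives in the ppolicy response control next to result 49, assuming the client sent the ppolicy request control with its bind; the byte strings are constructed for the example, not captured from a server.

```python
# Added example, not code from the thread: decode the PasswordPolicyResponseValue in the
# ppolicy response control (OID 1.3.6.1.4.1.42.2.27.8.5.1). Sample bytes are hand-constructed.

ERROR_NAMES = {0: "passwordExpired", 1: "accountLocked", 2: "changeAfterReset",
               3: "passwordModNotAllowed", 4: "mustSupplyOldPassword",
               5: "insufficientPasswordQuality", 6: "passwordTooShort",
               7: "passwordTooYoung", 8: "passwordInHistory"}
WARNING_NAMES = {0: "timeBeforeExpiration", 1: "graceAuthNsRemaining"}


def _read_tlv(buf, pos):
    """Read one BER TLV (definite length); return (tag, contents, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low seven bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def decode_ppolicy_response(value):
    """Return {'warning': (name, count) or None, 'error': name or None}."""
    info = {"warning": None, "error": None}
    tag, body, _ = _read_tlv(value, 0)
    if tag != 0x30:
        raise ValueError("PasswordPolicyResponseValue must be a SEQUENCE")
    pos = 0
    while pos < len(body):
        tag, contents, pos = _read_tlv(body, pos)
        if tag == 0xA0:  # warning [0]: explicit tag around the CHOICE, inner tag [0]/[1]
            ctag, cval, _ = _read_tlv(contents, 0)
            info["warning"] = (WARNING_NAMES[ctag & 0x1F], int.from_bytes(cval, "big"))
        elif tag == 0x81:  # error [1]: implicitly tagged ENUMERATED
            info["error"] = ERROR_NAMES.get(int.from_bytes(contents, "big"), "unknown")
        else:
            raise ValueError(f"unexpected tag 0x{tag:02x} in PasswordPolicyResponseValue")
    return info


def explain_bind_result(result_code, ppolicy_value=None):
    """Combine the LDAP result code with the control value into the reason an admin needs."""
    if ppolicy_value is None:
        return f"result {result_code}, no ppolicy control in response"
    info = decode_ppolicy_response(ppolicy_value)
    if info["error"]:
        return f"result {result_code}, ppolicy error: {info['error']}"
    if info["warning"]:
        return f"result {result_code}, ppolicy warning: {info['warning'][0]}={info['warning'][1]}"
    return f"result {result_code}, empty ppolicy response"


# Constructed samples: { error accountLocked } and { warning timeBeforeExpiration 3600 }
LOCKED_SAMPLE = bytes.fromhex("3003810101")
EXPIRING_SAMPLE = bytes.fromhex("3006a00480020e10")
```

A client that does not send the request control still sees only invalidCredentials (49); the control value is the only place the server states that the failure was accountLocked.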