https://bugs.openldap.org/show_bug.cgi?id=9156
--- Comment #3 from David Coutadeur <[email protected]> ---

Hello,

I have made some new tests on OpenLDAP master branch.

For information, I had to fix a typo before it would compile: the manpage of the pbkdf2 overlay was not correctly written. In contrib/slapd-modules/passwd/pbkdf2/Makefile:

```
MANPAGES = slapd-pw-pbkdf2.5
```

should be:

```
MANPAGES = slapo-pw-pbkdf2.5
```

Here are the things I have basically tested:

- pwdMaxLength: OK
- pwdLastSuccess, pwdMaxIdle: KO: the user is able to authenticate after the pwdMaxIdle delay. Also, the pwdLastSuccess is never written (see https://tools.ietf.org/html/draft-behera-ldap-password-policy-10#section-5.3.11). For information, I have enabled lastbind. The slapo-ppolicy man page does not mention pwdLastSuccess, by the way.
- pwdStartTime, pwdEndTime: OK, but there is no special ppolicy code returned, and if I read the draft correctly (https://tools.ietf.org/html/draft-behera-ldap-password-policy-10#section-7.1), an "accountLocked" extended error code should be triggered.
- basic integration with ppm, and in particular the pwdCheckModuleArg (https://github.com/ltb-project/ppm): OK (but will need some adaptation of the check_password signature: https://github.com/ltb-project/ppm/issues/20)

Regards,
David
