https://bugs.openldap.org/show_bug.cgi?id=9156
--- Comment #5 from Ondřej Kuzník <[email protected]> --- On Fri, Mar 27, 2020 at 05:02:02PM +0000, [email protected] wrote: > Hello, > > Here are the things I have basically tested: > > - pwdLastSuccess, pwdMaxIdle: KO: the user is able to authenticate after the > pwdMaxIdle delay. Also, the pwdLastSuccess is never written (see > https://tools.ietf.org/html/draft-behera-ldap-password-policy-10#section-5.3.11). > For information, I have enabled lastbind. The slapo-ppolicy man page does not > mention pwdLastSuccess by the way. Hi David, could you show a configuration when this happens? I cannot reproduce either issue on master. I will update the manpage to mention pwdLastSuccess is used. > - pwdStartTime, pwdEndTime: OK, but there is no special ppolicy code returned, > and if I read correctly the draft > (https://tools.ietf.org/html/draft-behera-ldap-password-policy-10#section-7.1), > an "accountLocked" extended error code should be triggered. Again, can't seem to be able to reproduce that and test022-ppolicy passes for me. -- You are receiving this mail because: You are on the CC list for the bug.
