>Do you also look at the decreasing grace login counter in diagnostic message?
The AF tests evaluate grace / ensure it maintains proper count, locks when it reaches zero. Not evaluating the diagnostic message. -- Shawn ----- Original Message ----- From: "Michael Ströder" <mich...@stroeder.com> To: "openldap-devel" <openldap-devel@openldap.org> Sent: Monday, May 3, 2021 10:57:44 AM Subject: Re: slapo-ppolicy 2.4 vs. 2.5 On 5/3/21 5:39 PM, smckin...@symas.com wrote: >> From: "Michael Ströder" <mich...@stroeder.com> >> Do you have any tests you could run against 2.4 and 2.5 to verify >> whether both have same behaviour? > > I have tested 2.4 and 2.5 pw policies using Apache Fortress tests: Do you also look at the decreasing grace login counter in diagnostic message? > The only functional difference that I found was 2.5 now requires > sending the RelaxControl ("1.3.6.1.4.1.4203.666.5.12") on the > following ops:> > - lock/unlock > - mods of user's pwdPolicySubentry attribute Currently not relevant for my tests. > Other than that, everything else worked the same, besides no longer > including the pwpolicy.schema in the server config of course. This is already covered since quite a while by checking whether file ppolicy.ldif exists in the schema/ directory or not. Ciao, Michael.