>Do you also look at the decreasing grace login counter in diagnostic message?

The AF tests evaluate grace / ensure it maintains proper count, locks when it 
reaches zero. Not evaluating the diagnostic message.

--
Shawn

----- Original Message -----
From: "Michael Ströder" <mich...@stroeder.com>
To: "openldap-devel" <openldap-devel@openldap.org>
Sent: Monday, May 3, 2021 10:57:44 AM
Subject: Re: slapo-ppolicy 2.4 vs. 2.5

On 5/3/21 5:39 PM, smckin...@symas.com wrote:
>> From: "Michael Ströder" <mich...@stroeder.com>
>> Do you have any tests you could run against 2.4 and 2.5 to verify
>> whether both have same behaviour?
> 
> I have tested 2.4 and 2.5 pw policies using Apache Fortress tests:

Do you also look at the decreasing grace login counter in diagnostic
message?

> The only functional difference that I found was 2.5 now requires
> sending the RelaxControl ("1.3.6.1.4.1.4203.666.5.12") on the
> following ops:>
> - lock/unlock
> - mods of user's pwdPolicySubentry attribute

Currently not relevant for my tests.

> Other than that, everything else worked the same, besides no longer
> including the pwpolicy.schema in the server config of course.
This is already covered since quite a while by checking whether file
ppolicy.ldif exists in the schema/ directory or not.

Ciao, Michael.

Reply via email to