Hi, I need help with ppolicy, as this is the first time I have tried to use it for company internal use. I searched the mailing list and the web and cannot find the same problem.
I compiled openldap 2.3.11 on Solaris 8, with bdb.4.3.29 and openssl.0.9.7g. First I started slapd without ppolicy, and things worked fine. Then I added the ppolicy overlay/schema. slapd started/loaded fine. But I have a big problem with user passwords: a user can log in with "ANY WORD" as the password, even though I can see a new "pwdFailureTime" entry is added to the ldap db for that user. Thanks.

Here are the ppolicy related entries/ldif for my slapd.conf:

include /usr/local/openldap/etc/openldap/schema/ppolicy.schema
overlay ppolicy
ppolicy_default "cn=Standard Policy,ou=Policies,dc=n2p,dc=com"
ppolicy_use_lockout

dn: ou=Policies,dc=n2p,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Policies
structuralObjectClass: organizationalUnit

dn: cn=Standard Policy,ou=Policies,dc=n2p,dc=com
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: Standard Policy
pwdAttribute: userPassword
pwdLockoutDuration: 120
pwdInHistory: 5
pwdCheckQuality: 2
pwdExpireWarning: 86400
pwdMaxAge: 864000
pwdMinLength: 5
pwdGraceAuthNLimit: 5
pwdAllowUserChange: TRUE
pwdMustChange: FALSE
pwdMaxFailure: 3
pwdFailureCountInterval: 120
pwdSafeModify: FALSE
structuralObjectClass: device
