The test022 script in the bundled test suite specifically tests for
authentication using an incorrect password, and this test works
correctly in my 2.3.11 build. As such, I do not believe there is any bug
in OpenLDAP software here. You should check whatever software you're
using to "login."

Baoning Pan wrote:
Hi,
I need help with ppolicy, as this is the first time I have tried to use it for company internal use. I searched the mailing list and the web and cannot find the same problem.
I compiled openldap 2.3.11 on Solaris 8, with bdb.4.3.29 and openssl.0.9.7g. First I started slapd without ppolicy, and things worked fine. Then I added the ppolicy overlay/schema. slapd started/loaded fine. But I have a big problem with user passwords: a user can log in with "ANY WORD" as the password, even though I can see a new "pwdFailureTime" entry is added to the ldap db for that user.
Thanks.
Here are the ppolicy-related entries/ldif for my slapd.conf:

include /usr/local/openldap/etc/openldap/schema/ppolicy.schema
overlay ppolicy
ppolicy_default "cn=Standard Policy,ou=Policies,dc=n2p,dc=com"
ppolicy_use_lockout

dn: ou=Policies,dc=n2p,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Policies
structuralObjectClass: organizationalUnit

dn: cn=Standard Policy,ou=Policies,dc=n2p,dc=com
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: Standard Policy
pwdAttribute: userPassword
pwdLockoutDuration: 120
pwdInHistory: 5
pwdCheckQuality: 2
pwdExpireWarning: 86400
pwdMaxAge: 864000
pwdMinLength: 5
pwdGraceAuthNLimit: 5
pwdAllowUserChange: TRUE
pwdMustChange: FALSE
pwdMaxFailure: 3
pwdFailureCountInterval: 120
pwdSafeModify: FALSE
structuralObjectClass: device

--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
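
One way to separate slapd from the "login" software, as the reply advises: bind to the directory directly with the real password and with a deliberately wrong one, then compare the results. This is an added example, not code from either poster or from the OpenLDAP project; it assumes the OpenLDAP `ldapwhoami` client is installed, and the function names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example. Talks to slapd directly, so the "login" software is out of
# the picture. URI, bind DN and password are supplied by the caller, e.g.
#   diagnose ldap://localhost "<user DN under dc=n2p,dc=com>" "$REAL_PW"

# classify_bind URI DN PASSWORD -> prints ACCEPTED, REJECTED or ERROR
classify_bind() {
    # Simple bind (-x) as DN. -w exposes the password in the process list;
    # on a shared host use -W (prompt) or -y FILE instead.
    if out=$(ldapwhoami -x -H "$1" -D "$2" -w "$3" 2>&1); then
        echo ACCEPTED
        return 0
    else
        rc=$?
    fi
    # invalidCredentials is LDAP result code 49 and is printed on stderr.
    # Treating exit status 49 the same way is an assumption about the client.
    case $out in
        *"Invalid credentials (49)"*) echo REJECTED; return 1 ;;
    esac
    if [ "$rc" -eq 49 ]; then echo REJECTED; return 1; fi
    echo ERROR    # e.g. server unreachable, bad URI, TLS problem
    return 2
}

# diagnose URI DN REAL_PASSWORD -> prints one verdict string
diagnose() {
    # The wrong-password bind is a real failure: with the policy quoted above
    # it adds a pwdFailureTime value and counts toward pwdMaxFailure (3), so
    # run this against a test account and not repeatedly.
    good=$(classify_bind "$1" "$2" "$3") || true
    bad=$(classify_bind "$1" "$2" "$3.deliberately-wrong") || true
    if [ "$bad" = ACCEPTED ]; then
        echo server-accepts-wrong-password      # problem is on the slapd side
    elif [ "$good" = ACCEPTED ] && [ "$bad" = REJECTED ]; then
        echo server-rejects-wrong-password      # look at the login software
    else
        echo inconclusive                       # fix connectivity or DN first
    fi
}
```

A verdict of `server-rejects-wrong-password` matches what test022 checks and points at the client doing the "login"; `inconclusive` usually means the URI or bind DN needs fixing before the comparison says anything.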