I've just been playing with the ppolicy overlay and noticed
that I wasn't locked out! Took a while to figure out, but I
was only locked out if I was using a simple bind!
I've always used:
userPassword: [EMAIL PROTECTED]
krb5PrincipalName: [EMAIL PROTECTED]
But before testing ppolicy, I changed the userPassword
to '{MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==' (=> 'secret').
I always thought that these two went hand in hand, but
my tests now shows that they are not. Is this so?!
Can this have something to do with my sasl-regexp?
----- s n i p -----
sasl-regexp
uid=(.*),cn=int.domain.tld,cn=gssapi,cn=auth
ldap:///[EMAIL PROTECTED]
----- s n i p -----
So the result of this is that I can have one password
for simple binds and one for SASL binds... Not a bad
thing, but still...
Is it possible to apply the ppolicy on SASL binds?
