On Friday 14 March 2008 00:11:57 Ryan Steele wrote:
> Hello,
>
> First let me thank the gracious folks on this list who have lent their
> advice to me on my path towards implementing ppolicy. I'm making
> progress; I can reject new passwords based on password history, and
> reject weak passwords. However, I'm having a bit of a time trying to
> get the lockouts to work. My policy is defined as:
>
> 56 cn=Password Policy,ou=Policies,dc=example,dc=com
> objectClass: top
> objectClass: device
> objectClass: pwdPolicy
> cn: Password Policy
> pwdAttribute: userPassword
> pwdMaxAge: 3888000
> pwdMinLength: 6
> pwdExpireWarning: 432000
> pwdFailureCountInterval: 0
> pwdMustChange: FALSE
> pwdAllowUserChange: TRUE
> pwdSafeModify: TRUE
> pwdLockout: TRUE
> pwdCheckQuality: 1
> pwdGraceAuthNLimit: 0
> pwdInHistory: 6
> pwdLockoutDuration: 60
> pwdMaxFailure: 3
>
>
> However, even after many failure attempts, I see no pwdFailureTime
> attributes in the offending user's entry:

This worked without any complications for me (on various versions of 2.3, most recently 2.3.34, and currently 2.3.40).

How are you testing?

Regards,
Buchan
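
Added example, not part of either message and not OpenLDAP code: an offline check that compares a dump of the user's entry with the lockout settings from the quoted policy. pwdFailureTime and pwdAccountLockedTime are operational attributes, so the dump must request them explicitly; the uid=jdoe entries and the function names are constructed for illustration.

```python
# Lockout-related values copied from the policy entry quoted in the thread.
POLICY_LDIF = """\
pwdLockout: TRUE
pwdMaxFailure: 3
pwdFailureCountInterval: 0
pwdLockoutDuration: 60
"""

# Constructed sample dumps (uid=jdoe is hypothetical), taken after failed binds.
ENTRY_NO_TRACKING = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
uid: jdoe
"""
ENTRY_LOCKED = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
uid: jdoe
pwdFailureTime: 20080314001101Z
pwdFailureTime: 20080314001105Z
pwdFailureTime: 20080314001109Z
pwdAccountLockedTime: 20080314001109Z
"""

def parse_ldif(text):
    """Collect attribute values from a simple one-entry LDIF (no folding/base64)."""
    attrs = {}
    for line in text.splitlines():
        if ": " in line and not line.startswith("#"):
            name, value = line.split(": ", 1)
            attrs.setdefault(name.lower(), []).append(value)
    return attrs

def check_lockout(policy_ldif, entry_ldif, failed_binds):
    """Findings for an entry dumped after `failed_binds` consecutive bad binds."""
    pol, ent = parse_ldif(policy_ldif), parse_ldif(entry_ldif)
    if pol.get("pwdlockout", ["FALSE"])[0] != "TRUE":
        return ["pwdLockout is not TRUE: no lockout expected"]
    max_fail = int(pol.get("pwdmaxfailure", ["0"])[0])
    findings = []
    if failed_binds > 0 and not ent.get("pwdfailuretime"):
        findings.append("no pwdFailureTime recorded although binds failed")
    if max_fail and failed_binds >= max_fail and "pwdaccountlockedtime" not in ent:
        findings.append("pwdAccountLockedTime missing after %d failures "
                        "(pwdMaxFailure=%d)" % (failed_binds, max_fail))
    return findings or ["entry state matches the policy"]

if __name__ == "__main__":
    print(check_lockout(POLICY_LDIF, ENTRY_NO_TRACKING, 5))
    print(check_lockout(POLICY_LDIF, ENTRY_LOCKED, 3))
```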
