On Thu, Oct 9, 2008 at 3:53 PM, Sam Tran <[EMAIL PROTECTED]> wrote:
> Dear All,
> [snip]
>
> 2- Tried N bind attempts to *LDAP consumer* with N = pwdMaxFailure and
> wrong password. N pwdFailureTime attributes and one
> pwdAccountLockedTime attribute were added to the binding DN on
> consumer. As a result it was *not* possible to bind to the consumer
> using the correct password.
> Changing the password on the provider caused the pwdFailureTime
> attributes to be removed on the consumer. But the pwdAccountLockedTime
> attribute was still present in the binding DN on the consumer. As a
> result it was *still not* possible to bind to the consumer using the
> new password.
> Is this the expected behavior?
> I thought that changing the password on the provider would remove both
> the pwdFailureTime and pwdAccountLockedTime attributes on the
> consumer, thus allowing me to bind to the consumer.
>

Now it is becoming more confusing. I performed the same test #2.

After changing the password once on the provider, only the pwdFailureTime attributes were deleted on the consumer. If I changed the password a second time on the provider, the pwdAccountLockedTime attribute on the consumer gets deleted this time ...

Is it how it is supposed to work? Any hints please?

Thanks.

--
Sam