Its solving problem with security policy. Thank you. Please, update documentation for security policy in OpenLdap.
Now: "This attribute controls the action taken when an account has had more consecutive failed bind attempts with invalid passwords than is defined by pwdMaxFailure." But pwdLockout : TRUE enables other security blocks too, and this blocks don't work without it. 08.10.09, 11:21, "Clément OUDOT" <[email protected]>: > Le 7 octobre 2009 19:51, Evgeniy a écrit : > > > > On releases up to 2.4.16 (2.3.x too) works next config : > > > > overlay ppolicy > > ppolicy_default > > "cn=CompanyAccountPolicy,ou=CompanyPolicies,dc=Company,dc=com" > > ppolicy_hash_cleartext > > ppolicy_use_lockout > > > > On 2.4.18, 2.4.19 its don't work. > > > >>>you have to apply a password policy to your > entry, either by setting a > >>>default password policy in ppolicy overlay > configuration > > > > How I can do it ? > The configuration looks correct. The pwdAccountLockedTime attribute > should deactivate an entry in the directory. Be sure to have a TRUE > value in pwdLockout attribute of > cn=CompanyAccountPolicy,ou=CompanyPolicies,dc=Company,dc=com > Clément. -- ---______________________________________________--- С уважением, Евгений
