You're right, I apologize for reading the original request too fast. It seemed similar to a problem I had months ago, and I replied accordingly. Sorry.

Marco

On Fri, Jul 2, 2010 at 6:00 PM, Chris Jacobs <[email protected]> wrote:

> "ppolicy_forward_updates" won't affect the primary issue of:
> * wrong password --> got ldapsearch results:
> "...(type in wrong password for binding) ldapsearch get me search
> results..."
>
> Also, it seems he already has that setup:
> "it just adds a pwdFailureTime attribute on the provider and consumer"
>
> I have nothing to add (having chased this issue myself unsuccessfully)
> except to clarify what the original poster wrote.
>
> This is the third time we've heard of the issue.
>
> Christian:
> * What OS/ver are you using?
> * What version of PAM is installed?
> * What does your slapd.conf look like on your consumer (don't make the noob
> mistake I did of posting real domain, rootdn and rootpw info)?
>
> - chris
>
> Chris Jacobs, Systems Administrator
> Apollo Group | Apollo Marketing | Aptimus
> 2001 6th Ave Ste 3200 | Seattle, WA 98121
> phone: 206.441.9100 x1245 | mobile: 206.601.3256 | fax: 206.441.9661
> email: [email protected]
>
> ------------------------------
> *From*: [email protected] <[email protected]>
> *To*: Christian Bösch <[email protected]>
> *Cc*: [email protected] <[email protected]>
> *Sent*: Fri Jul 02 07:18:51 2010
> *Subject*: Re: ldap bind and password policy
>
> Hi, you have to add in your configuration of ppolicy overlay the directive
> about the forwarding of operational attributes related to ppolicy to the
> master server. So you have these attributes synchronized in all your servers.
>
> ppolicy_forward_updates available since version 2.4.18.
>
> Regards
> Marco
>
> On Fri, Jul 2, 2010 at 1:46 PM, Christian Bösch <[email protected]> wrote:
>
>> hi,
>>
>> i just added password policy overlay to our openldap servers (2.4.21)
>> it works fine in general. i can change password as user and it gets well
>> replicated
>> between provider and consumer.
>>
>> but since i added password policy i have a strange behaviour:
>> _i do a ldapsearch on the provider and type in a wrong password for the
>> binding user,
>> then i get: ldap_bind: Invalid credentials (49) - as expected
>> _if i do the same on the consumer (type in wrong password for binding)
>> ldapsearch
>> get me search results without to complain about wrong password. it just
>> adds a pwdFailureTime
>> attribute on the provider and consumer. but i also expect to get a
>> ldap_bind: Invalid credentials (49) error?
>>
>> thx for any ideas!
>>
>> /chris
>>
>
> --
> _________________________________________
> It is not the one who never falls who is strong, but the one who, falling, has the strength to get back up.
> Jim Morrison
>
> ------------------------------
> This message is private and confidential. If you have received it in error,
> please notify the sender and remove it from your system.
>

--
_________________________________________
It is not the one who never falls who is strong, but the one who, falling, has the strength to get back up.
Jim Morrison
