Hello, I have the following configuration for my overlay ppolicy (OpenLDAP 2.6) It's a testing system!
---------
dn: olcOverlay={0}ppolicy,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {0}ppolicy
olcPPolicyDefault: cn=default,ou=policies,dc=example,dc=net
olcPPolicyHashCleartext: FALSE
olcPPolicyForwardUpdates: FALSE
olcPPolicyUseLockout: TRUE
---------
My default-policy:
---------
dn: cn=default,ou=policies,dc=example,dc=net
objectClass: pwdPolicy
objectClass: person
cn: default
pwdAttribute: userPassword
pwdAllowUserChange: TRUE
pwdExpireWarning: 1440
pwdGraceAuthNLimit: 5
pwdInHistory: 5
pwdLockout: TRUE
pwdFailureCountInterval: 300
pwdMaxFailure: 5
pwdMinLength: 8
sn: OurDefaultPolicy
pwdLockoutDuration: 120
pwdMustChange: TRUE
pwdMaxAge: 2000
---------
Everything works, but I don't get a different message if the account is
locked because of to many bad locking attempts.
The manpage of slapo-ppolicy telling me: ppolicy_use_lockout = TRUE then a AccountLocked is shown. But I still get: Permission denied, please try again.if I'm giving the correct password after the account is locked because of to many bad locking attempts.
Did I miss something? If "yes" what? Thank's Stefan
smime.p7s
Description: S/MIME Cryptographic Signature
