Did you add this user _after_ putting the overlay ppolicy in your config or before? In my past experience only entries that were added after the fact were affected.
On Fri, Aug 15, 2008 at 9:12 AM, <[EMAIL PROTECTED]> wrote: > Here are the results after multiple bad attempts to bind to the LDAP > server. > Additionally, I changed the password for the user before I started, and > I don't see attributes related to that either > > [EMAIL PROTECTED]:~> ldapsearch -D "cn=manager,dc=pjm,dc=com" -Wx -b > "dc=pjm,dc=com" "(uid=testuser)" + > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base <dc=pjm,dc=com> with scope subtree > # filter: (uid=testuser) > # requesting: + > # > > # testuser, People, Test, External, pjm.com > dn: uid=testuser,ou=People,ou=Test,ou=External,dc=pjm,dc=com > structuralObjectClass: inetOrgPerson > entryUUID: e15065de-f814-102c-85ad-6b504a287112 > creatorsName: cn=manager,dc=pjm,dc=com > createTimestamp: 20080806150541Z > entryCSN: 20080813115547Z#000000#00#000000 > modifiersName: cn=stoat,dc=pjm,dc=com > modifyTimestamp: 20080813115547Z > entryDN: uid=testuser,ou=People,ou=Test,ou=External,dc=pjm,dc=com > subschemaSubentry: cn=Subschema > hasSubordinates: FALSE > > # search result > search: 2 > result: 0 Success > > # numResponses: 2 > # numEntries: 1 > > -----Original Message----- > From: Andrew Findlay [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 14, 2008 2:46 PM > To: DiSciascio, Paul > Cc: [email protected] > Subject: [Probable SPAM] Re: ppolicy password lockout > > > On Thu, Aug 14, 2008 at 07:58:44AM -0400, [EMAIL PROTECTED] wrote: > > > I don't see any pwdFailureTime attributes ever show up for the user > > in question, and the password never locks after bad password attempts. > > When reading the user entry are you requesting the operational > attributes? You need to do that to see things like failure times. Add > '+' to the end of the ldapsearch command and see what you get. > > Andrew > -- > ----------------------------------------------------------------------- > | From Andrew Findlay, Skills 1st Ltd | > | Consultant in large-scale systems, networks, and directory services | > | http://www.skills-1st.co.uk/ +44 1628 782565 | > ----------------------------------------------------------------------- > > -- Adam Leach BS Computer/Electrical Engineering West Virginia University System Administrator - Raytheon (304)677-4455
