Hi,
Did anyone manage to get the *ppolicy overlay* to work on the *consumers *?
The user gets the *pwdAccountLockedTime *attribute on the provider and
the consumers. To validate this I use:
/[root@opennms ~]# //*ldapwhoami -x -e ppolicy -D
"uid=user1,ou=People,ou=Country1,dc=example,dc=com" -w'password' -h
ldap-master.example.com*//*
*//*ldap_bind: Invalid credentials (49); Account locked*/
where *ldap-master.example.com* is the *provider*.
/[root@opennms ~]# //*ldapwhoami -x -e ppolicy -D
"uid=user1,ou=People,ou=Country1,dc=example,dc=com" -w'password' -h
ldap.example.ro*//*
*//*dn:uid=user1,ou=People,ou=Country1,dc=example,dc=com*/
where *ldap.example.ro* is one of the *consumers*.
The same issue occurs also on expired passwords.
On the consumer I've used *ppolicy_forward_updates* and that works like
a charm.
Did I miss something vital in the configuration ?
Thx!
--
Andrei BĂNARU
Internal Support
CCNA Security, CCIP
StreamWIDE Romania
