Hi Everybody,
Sorry, we are fighting with pwdAccountLockedTime.
I want to use "pwdAccountLockedTime" attribute to automatically lock an
account using OpenLDAP (v.2.5.14). Whatever the value in the field, the
account is never locked.
I first started by activating the "ppolicy" module using slapadd and a
ppolicy-module.ldif file such as mentioned here
"https://stackoverflow.com/questions/49257247/how-to-activate-ppolicy-module-in-openldap",
then I have checked that the module is loaded and I did not have any
problem:
  $ sudo slapcat -n 0 | grep olcModuleLoad | grep ppolicy
  olcModuleLoad: {0}ppolicy
Then, I have extended the LDAP schema to allow the use of ppolicy
attributes such as "pwdAccountLockedTime". I have set it to
"00000101000000Z" in order to permanently lock an account (to check if
it was working). But I can still connect (using LDAP Admin tools) with
the account that was supposed to be locked.
We also tried to modify the value:
dn: uid=...
replace: pwdAccountLockedTime
pwdAccountLockedTime: 20221021135537Z
We even tried dates in the future, but we are still able to connect,
with the whoami command or from a SOGo webmail connected to the LDAP server.
Any idea?
Thanks in advance for your help.
Best
Damien