Question

I use ppolicy overlay and enabled ppolicy_use_lockout to separate between invalid password and locked accounts.

database    bdb
suffix      "dc=openiam,dc=com"
rootdn      "cn=Manager,dc=openiam,dc=com"
rootpw      "{SSHA}2ttRoo/t5HuMT2nPxtI6goVUML5R2H9h"
# PPolicy Configuration
overlay ppolicy
ppolicy_default "cn=default,ou=policies,dc=openiam,dc=com"
ppolicy_use_lockout
ppolicy_hash_cleartext

I tried to lock the user account by entering a wrong password a couple of times (pwdMaxFailure).

The user is being locked but when I try to login again I still get the same error:

Invalid credentials (49)

Any idea why I am not getting a different error to distinguish between the cases?

thanks, ray.


Solution 2

You will get a password policy response control that tells you the error, if you request it with the corresponding request control.

Note that it's a bad idea to let this show through to the user, for the reasons stated in the password policy draft, section 12. Basically you would be leaking information to an attacker.

Note also that this technique also applies to my answer to your previous question which I have now corrected.

Other tips

You should add -e ppolicy when using ldapwhoami to get more information, like (Password expired, 3 grace logins remain).

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow