directory-dev mailing list archives

From "Konrad Windszus (JIRA)" <>
Subject [jira] [Commented] (DIRSERVER-1927) pwdmaxfailure seems not be be respected correctly
Date Fri, 06 Dec 2013 10:33:35 GMT


Konrad Windszus commented on DIRSERVER-1927:

Compare with 5.2.13 from RFC draft for password policies (

5.2.13. pwdMaxFailure

   This attribute specifies the number of consecutive failed bind
   attempts after which the password may not be used to authenticate.
   If this attribute is not present, or if the value is 0, this policy
   is not checked, and the value of pwdLockout will be ignored.

         NAME 'pwdMaxFailure'
         EQUALITY integerMatch
         SINGLE-VALUE )

> pwdmaxfailure seems not be be respected correctly
> -------------------------------------------------
>                 Key: DIRSERVER-1927
>                 URL:
>             Project: Directory ApacheDS
>          Issue Type: Bug
>         Environment: Ubuntu 12.04 64bit Server, apacheds-2.0.0-M12-default
>            Reporter: Stephan Becker
> Goal:
> is to lock an account but not allow automatic account locking by failed attempts.
> Supposed working method:
> using -1 or 0 as a value or deleting the ads-pwdmaxfailure attribute to not allow automatic account locking
> Result:
> using the above methods locks the account anyways
> Workaround:
> using the max value of 99999999 works BUT using this value might cause an issue f.e. with a technical user experiencing a connection loss or some other issue.

This message was sent by Atlassian JIRA
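
A small model of the semantics quoted from section 5.2.13, added here as an illustration; it is not ApacheDS code and not part of the original message. The class and function names are hypothetical, failure tracking is simplified to a counter, rejecting negative values is an assumption (the quoted text does not define them), and the administrator lock marker is the `000001010000Z` value of `pwdAccountLockedTime` from the same draft.

```python
from dataclasses import dataclass
from typing import Optional

# Draft value of pwdAccountLockedTime for a permanent, administrator-set lock.
ADMIN_LOCK = "000001010000Z"

@dataclass
class Policy:
    pwd_lockout: bool = False
    pwd_max_failure: Optional[int] = None  # None models "attribute not present"

@dataclass
class Account:
    consecutive_failures: int = 0
    locked_time: Optional[str] = None  # models pwdAccountLockedTime

def auto_lockout_enabled(policy: Policy) -> bool:
    """5.2.13: absent or 0 means not checked, and pwdLockout is ignored."""
    if policy.pwd_max_failure is None or policy.pwd_max_failure == 0:
        return False
    if policy.pwd_max_failure < 0:
        # Assumption: negative values are undefined in the quoted text; reject them.
        raise ValueError("pwdMaxFailure must be a non-negative integer")
    return policy.pwd_lockout

def bind(account: Account, policy: Policy, password_ok: bool,
         now: str = "20131206103335Z") -> bool:  # constructed timestamp
    """Return True if the bind succeeds; update the account's failure state."""
    if account.locked_time is not None:
        return False  # locked accounts fail even with the right password
    if password_ok:
        account.consecutive_failures = 0
        return True
    account.consecutive_failures += 1
    if (auto_lockout_enabled(policy)
            and account.consecutive_failures >= policy.pwd_max_failure):
        account.locked_time = now  # automatic lock
    return False

def survives_failures(policy: Policy, failures: int) -> bool:
    """True if a correct password still binds after `failures` bad attempts."""
    account = Account()
    for _ in range(failures):
        bind(account, policy, password_ok=False)
    return bind(account, policy, password_ok=True)
```

Under this model an account with `locked_time=ADMIN_LOCK` stays locked while `pwd_max_failure` is 0 or absent, which is the combination the reporter is asking for.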
