Date: Fri, 6 Dec 2013 10:33:35 +0000 (UTC)
From: "Konrad Windszus (JIRA)"
To: dev@directory.apache.org
Subject: [jira] [Commented] (DIRSERVER-1927) pwdmaxfailure seems not be be respected correctly

    [ https://issues.apache.org/jira/browse/DIRSERVER-1927?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13841159#comment-13841159 ]

Konrad Windszus commented on DIRSERVER-1927:
--------------------------------------------

Compare with 5.2.13 from RFC draft for password policies (http://tools.ietf.org/html/draft-behera-ldap-password-policy-10)
{quote}
5.2.13. pwdMaxFailure

This attribute specifies the number of consecutive failed bind attempts after which the password may not be used to authenticate. If this attribute is not present, or if the value is 0, this policy is not checked, and the value of pwdLockout will be ignored.
( 1.3.6.1.4.1.42.2.27.8.1.11
  NAME 'pwdMaxFailure'
  EQUALITY integerMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
  SINGLE-VALUE )
{quote}

> pwdmaxfailure seems not be be respected correctly
> -------------------------------------------------
>
>                 Key: DIRSERVER-1927
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1927
>             Project: Directory ApacheDS
>          Issue Type: Bug
>         Environment: Ubuntu 12.04 64bit Server, apacheds-2.0.0-M12-default
>            Reporter: Stephan Becker
>
> Goal:
> is to lock an account but not allow automatic account locking by failed attempts.
> Supposed working method:
> using -1 or 0 as a value or deleting the ads-pwdmaxfailure attribute to not allow automatic account locking
> Result:
> using the above methods locks the account anyways
> Workaround:
> using the max value of 99999999 works BUT using this value might cause an issue f.e. with a technical user experiencing a connection loss or some other issue.

--
This message was sent by Atlassian JIRA
(v6.1#6144)
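
The lockout behaviour that the quoted section 5.2.13 describes, replayed over a run of failed binds, as an added example that is not ApacheDS code and not part of the original message. `PasswordPolicy`, `lockout_threshold` and `first_locked_attempt` are hypothetical names; the requirement that pwdLockout be TRUE comes from the same draft's pwdLockout definition, and rejecting negative values is an assumption, since the quoted text gives them no meaning.

```python
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class PasswordPolicy:
    """Hypothetical model of a policy entry; None means the attribute is absent."""
    pwd_lockout: Optional[bool] = None
    pwd_max_failure: Optional[int] = None


def lockout_threshold(policy: PasswordPolicy) -> Optional[int]:
    """Return the failure count that locks the account, or None when no
    automatic lockout applies."""
    limit = policy.pwd_max_failure
    # 5.2.13: attribute absent or 0 -> policy not checked, pwdLockout ignored.
    if limit is None or limit == 0:
        return None
    if limit < 0:
        # Assumption: the quoted text defines no meaning for negative values,
        # so this sketch rejects them instead of guessing.
        raise ValueError("pwdMaxFailure must not be negative")
    # pwdLockout must be TRUE for the threshold to apply (same draft).
    return limit if policy.pwd_lockout is True else None


def first_locked_attempt(policy: PasswordPolicy,
                         binds: Iterable[bool]) -> Optional[int]:
    """Replay bind outcomes (True = success) and return the 1-based attempt
    whose failure locks the account, or None if it never locks."""
    threshold = lockout_threshold(policy)
    failures = 0
    for attempt, succeeded in enumerate(binds, start=1):
        if succeeded:
            failures = 0  # a successful bind ends the consecutive run
            continue
        failures += 1
        if threshold is not None and failures >= threshold:
            return attempt
    return None


# Constructed sample input: ten failed binds in a row.
TEN_FAILURES = [False] * 10

if __name__ == "__main__":
    for policy in (PasswordPolicy(True, None), PasswordPolicy(True, 0),
                   PasswordPolicy(True, 3), PasswordPolicy(False, 3)):
        print(policy, "->", first_locked_attempt(policy, TEN_FAILURES))
```
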