3 Replies Latest reply: Jun 19, 2014 8:47 AM by Sylvain Duloutre-Oracle

    pwdmaxfail entry not working sun ds

    Sumit_the_Admin

      Hello,

       

      We are using Solaris 10 servers and all the users are LDAP users in Sun DS.

      The password policy in LDAP is as below:

      # ldapsearch -T -p 389 -D "cn=Directory Manager" -w password -b "cn=securitypolicy, dc=xxx,dc=xx,dc=xxxxxxxxx,dc=xx" "objectclass=ldapsubentry"
      version: 1
      dn: cn=SecurityPolicy,dc=xxxxx,dc=xxx,dc=xxxxxxxx,dc=xx
      passwordMaxFailure: 3
      pwdMaxFailure: 3
      pwdMaxAge: 0
      passwordExp: off
      objectClass: top
      objectClass: ldapsubentry
      objectClass: pwdPolicy
      objectClass: sunPwdPolicy
      objectClass: passwordPolicy
      cn: SecurityPolicy
      pwdAttribute: userPassword
      pwdLockout: TRUE
      pwdFailureCountInterval: 600
      pwdAllowUserChange: TRUE
      pwdMustChange: TRUE
      pwdMinLength: 8
      pwdLockoutDuration: 3600
      pwdExpireWarning: 604800
      pwdInHistory: 3
      pwdMinAge: 3600
      pwdCheckQuality: 2
      passwordLockout: on
      passwordResetFailureCount: 600
      passwordChange: on
      passwordMustChange: on
      passwordMinLength: 8
      passwordUnlock: on
      passwordLockoutDuration: 3600
      passwordWarning: 604800
      passwordMaxAge: 3628800
      passwordInHistory: 3
      passwordMinAge: 3600
      passwordCheckSyntax: on

       

       

      From the above, we can see the maximum number of wrong tries for the password is:

      passwordMaxFailure: 3
      pwdMaxFailure: 3

      The account is not getting locked after 3 attempts.

      The user does not exist in local files and no values are set in /etc/default/passwd.

       

      Please suggest if someone has any clue.

       

      Regards

      S.