3 Replies Latest reply on Jun 19, 2014 1:47 PM by Sylvain Duloutre-Oracle

    pwdmaxfail entry not working sun ds




      We are using Solaris 10 servers and all the users are LDAP users in Sun DS.

      The password policy in LDAP is as below:


      # ldapsearch -T -p 389 -D "cn=Directory Manager" -w password -b "cn=securitypolicy, dc=xxx,dc=xx,dc=xxxxxxxxx,dc=xx" "objectclass=ldapsubentry"
      version: 1
      dn: cn=SecurityPolicy,dc=xxxxx,dc=xxx,dc=xxxxxxxx,dc=xx
      passwordMaxFailure: 3
      pwdMaxFailure: 3
      pwdMaxAge: 0
      passwordExp: off
      objectClass: top
      objectClass: ldapsubentry
      objectClass: pwdPolicy
      objectClass: sunPwdPolicy
      objectClass: passwordPolicy
      cn: SecurityPolicy
      pwdAttribute: userPassword
      pwdLockout: TRUE
      pwdFailureCountInterval: 600
      pwdAllowUserChange: TRUE
      pwdMustChange: TRUE
      pwdMinLength: 8
      pwdLockoutDuration: 3600
      pwdExpireWarning: 604800
      pwdInHistory: 3
      pwdMinAge: 3600
      pwdCheckQuality: 2
      passwordLockout: on
      passwordResetFailureCount: 600
      passwordChange: on
      passwordMustChange: on
      passwordMinLength: 8
      passwordUnlock: on
      passwordLockoutDuration: 3600
      passwordWarning: 604800
      passwordMaxAge: 3628800
      passwordInHistory: 3
      passwordMinAge: 3600
      passwordCheckSyntax: on



      From the above, we can see that the maximum number of wrong password tries is:

      passwordMaxFailure: 3
      pwdMaxFailure: 3


      The account is not getting locked after 3 attempts.


      The user does not exist in local files and no values are set in /etc/default/passwd.


      Please suggest if someone has any clue.