3 Replies Latest reply: Jun 19, 2014 8:47 AM by Sylvain Duloutre-Oracle

    pwdmaxfail entry not working sun ds




      We are using Solaris 10 servers and all the users are LDAP users in Sun DS.

      The password policy in LDAP is as below:


      # ldapsearch -T -p 389 -D "cn=Directory Manager" -w password -b "cn=securitypolicy, dc=xxx,dc=xx,dc=xxxxxxxxx,dc=xx" "objectclass=ldapsubentry"

      version: 1
      dn: cn=SecurityPolicy,dc=xxxxx,dc=xxx,dc=xxxxxxxx,dc=xx
      passwordMaxFailure: 3
      pwdMaxFailure: 3
      pwdMaxAge: 0
      passwordExp: off
      objectClass: top
      objectClass: ldapsubentry
      objectClass: pwdPolicy
      objectClass: sunPwdPolicy
      objectClass: passwordPolicy
      cn: SecurityPolicy
      pwdAttribute: userPassword
      pwdLockout: TRUE
      pwdFailureCountInterval: 600
      pwdAllowUserChange: TRUE
      pwdMustChange: TRUE
      pwdMinLength: 8
      pwdLockoutDuration: 3600
      pwdExpireWarning: 604800
      pwdInHistory: 3
      pwdMinAge: 3600
      pwdCheckQuality: 2
      passwordLockout: on
      passwordResetFailureCount: 600
      passwordChange: on
      passwordMustChange: on
      passwordMinLength: 8
      passwordUnlock: on
      passwordLockoutDuration: 3600
      passwordWarning: 604800
      passwordMaxAge: 3628800
      passwordInHistory: 3
      passwordMinAge: 3600
      passwordCheckSyntax: on



      From the above, we can see the maximum number of wrong password tries is:

      passwordMaxFailure: 3
      pwdMaxFailure: 3

      The account is not getting locked after 3 attempts.

      The user does not exist in local files and no values are set in /etc/default/passwd.


      Please suggest if someone has any clue.
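
      A consistency check over the policy entry shown in the post, as an added example that is not part of the original thread: it compares the legacy password* attributes with their pwd* counterparts and reports pairs whose values differ or are missing. The attribute pairing and all function names are assumptions made for illustration; the sample is a subset of the entry as posted.

```python
# Added example. Assumption: the legacy/new attribute pairing below, inferred
# from the attribute names and values in the posted entry.
PAIRS = {
    "passwordLockout": "pwdLockout",
    "passwordMaxFailure": "pwdMaxFailure",
    "passwordResetFailureCount": "pwdFailureCountInterval",
    "passwordLockoutDuration": "pwdLockoutDuration",
    "passwordMaxAge": "pwdMaxAge",
}

# Subset of the entry from the post (lockout and max-age attributes only).
SAMPLE_LDIF = """\
passwordMaxFailure: 3
pwdMaxFailure: 3
pwdMaxAge: 0
pwdLockout: TRUE
pwdFailureCountInterval: 600
pwdLockoutDuration: 3600
passwordLockout: on
passwordResetFailureCount: 600
passwordLockoutDuration: 3600
passwordMaxAge: 3628800
"""

def parse_entry(ldif):
    """Return {attribute: [values]} for one LDIF entry (no folding, no base64)."""
    attrs = {}
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        if sep and not line.startswith("#"):
            attrs.setdefault(name.strip(), []).append(value.strip())
    return attrs

def normalise(value):
    """Map on/off onto the TRUE/FALSE spelling, lowercased; numbers pass through."""
    return {"on": "true", "off": "false"}.get(value.lower(), value.lower())

def mismatches(attrs):
    """List (legacy, new, legacy_value, new_value) where a pair differs or one side is absent."""
    out = []
    for legacy, new in PAIRS.items():
        lv = attrs.get(legacy, [None])[0]
        nv = attrs.get(new, [None])[0]
        if lv is None or nv is None or normalise(lv) != normalise(nv):
            out.append((legacy, new, lv, nv))
    return out

if __name__ == "__main__":
    for legacy, new, lv, nv in mismatches(parse_entry(SAMPLE_LDIF)):
        print(f"{legacy}={lv} but {new}={nv}")
```

      On the posted values the only pair reported is passwordMaxAge (3628800) against pwdMaxAge (0); the lockout attributes carry the same values in both families.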