Skip to content

ppolicy enhancements

Ondřej Kuzník requested to merge ondra/openldap:ppolicy into master

Attempts to address the following issues:

  • ITS#7084 - if someone else modifies a user's password and pwdMustChange applies through policy, set pwdReset
  • ITS#7089 - entries without a password or where a policy doesn't apply don't get failures/lockouts added either
  • ITS#7788 - ditto, also set default failure recording to 0 (unless needed for lockouts/delays)
  • ITS#8762 - reset failures when account unlocked

These are quite sweeping changes to ppolicy behaviour, a wider review is warranted.


  • extend the test suite to cover most of the above
Edited by Ondřej Kuzník

Merge request reports