I have configuration problem with new openldap server . I successfully set the password policy on the server and I setted up the overlay settings also , It work well , my only problem is the Password Controls not work . When I try with external applicaiton I only get Invalid Credentials (49) , when somebody lock him self or his password was expired . I setted up the olcPPolicyUseLockout: TRUE in ppolicy config but everythings is same . I got the same error message .
Any idea how can I get more details ?
System Details:
OS: RedHat 7
LDAP packages:
openldap-2.4.40-13.el7.x86_64
openldap-servers-2.4.40-13.el7.x86_64
openldap-clients-2.4.40-13.el7.x86_64
compat-openldap-2.3.43-5.el7.x86_64
openldap-devel-2.4.40-13.el7.x86_64
Loaded Modules
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
dn: cn={1}cosine,cn=schema,cn=config
dn: cn={2}nis,cn=schema,cn=config
dn: cn={3}inetorgperson,cn=schema,cn=config
dn: cn={4}aviva,cn=schema,cn=config
dn: cn={5}ppolicy,cn=schema,cn=config
dn: olcOverlay={0}ppolicy,olcDatabase={2}hdb,cn=config
objectClass: olcPPolicyConfig
olcOverlay: {0}ppolicy
olcPPolicyDefault: cn=ppolicy,ou=Policies,dc=test,dc=co,dc=com
olcPPolicyUseLockout: TRUE
olcPPolicyForwardUpdates: FALSE
Supported controls:
1.2.826.0.1.3344810.2.3 - Matched Values - Control - RFC3876
1.2.840.113556.1.4.319 - LDAP Simple Paged Results - Control - RFC2696
1.3.6.1.1.12 - Assertion - Control - RFC4528
1.3.6.1.1.13.1 - LDAP Pre-read - Control - RFC4527
1.3.6.1.1.13.2 - LDAP Post-read - Control - RFC4527
1.3.6.1.4.1.4203.1.10.1 - Subentries - Control - RFC3672
2.16.840.1.113730.3.4.18 - Proxy Authorization Control - Control - RFC6171
2.16.840.1.113730.3.4.2 - ManageDsaIT - Control - RFC3296
Supported extensions:
1.3.6.1.1.8 - Cancel Operation - Extension - RFC3909
1.3.6.1.4.1.1466.20037 - StartTLS - Extension - RFC4511-RFC4513
1.3.6.1.4.1.4203.1.11.1 - Modify Password - Extension - RFC3062
1.3.6.1.4.1.4203.1.11.3 - Who am I - Extension - RFC4532
Supported features:
1.3.6.1.1.14 - Modify-Increment - Feature - RFC4525
1.3.6.1.4.1.4203.1.5.1 - All Op Attrs - Feature - RFC3673
1.3.6.1.4.1.4203.1.5.2 - OC AD Lists - Feature - RFC4529
1.3.6.1.4.1.4203.1.5.3 - True/False filters - Feature - RFC4526
1.3.6.1.4.1.4203.1.5.4 - Language Tag Options - Feature - RFC3866
1.3.6.1.4.1.4203.1.5.5 - language Range Options - Feature - RFC3866
The password policy control is missing from the control list. 1.3.6.1.4.1.42.2.27.8.5.1 - Password policy - Control - IETF DRAFT behera-ldap-password-policy
Is it possible to add this control ?