RHDS - Local Password Policies are not taken into account.


Issue

Entries that should be subject to a local Password Policy do not show the expected attributes.
For instance, passwordLockout is enabled, but the passwordRetryCount attribute is not updated after a failed BIND.

  • Account Lockout is enabled in the local Password Policy:
dn: cn="cn=nsPwPolicyEntry,ou=people,dc=example,dc=com",cn=nsPwPolicyContainer,ou=people,dc=example,dc=com
...
passwordLockout: on
  • The test user is subject to that local Password Policy:
# ldapsearch -xLLL -D "cn=Directory Manager" -W -H ldap://<HOST>:<PORT> -b "dc=example,dc=com" uid=demo_user pwdpolicysubentry
Enter LDAP Password: 
dn: uid=demo_user,ou=people,dc=example,dc=com
pwdpolicysubentry: cn="cn=nsPwPolicyEntry,ou=people,dc=example,dc=com",cn=nsPwPolicyContainer,ou=people,dc=example,dc=com
  • After a failed BIND, the attribute passwordRetryCount is not present in the entry:
# ldapsearch -xLLL -D "uid=demo_user,ou=people,dc=example,dc=com" -w WRONG_PASSWORD -H ldap://<HOST>:<PORT> -b "dc=example,dc=com" uid=demo_user passwordRetryCount
ldap_bind: Invalid credentials (49)
#

# ldapsearch -xLLL -D "cn=Directory Manager" -W -H ldap://<HOST>:<PORT> -b "dc=example,dc=com" uid=demo_user passwordRetryCount
Enter LDAP Password: 
dn: uid=demo_user,ou=people,dc=example,dc=com

#
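The three checks above can be scripted. The following is an added example, not code from the original article or from Red Hat: it parses `ldapsearch -LLL` output, unfolding wrapped lines that would otherwise break a match on the long policy DN, and classifies the result. The function names, status strings and sample LDIF are assumptions constructed for illustration.

```python
import base64

def parse_ldif(text):
    """Parse `ldapsearch -LLL` output into one {attr_lower: [values]} dict per entry."""
    lines = []
    for raw in text.splitlines():
        # A leading space continues the previous line (ldapsearch folds long lines).
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:
        if not line.strip():                      # blank line ends an entry
            if cur:
                entries.append(cur)
            cur = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, val = line.partition(":")
            if val.startswith(":"):               # "attr:: <base64 value>"
                val = base64.b64decode(val[1:].strip()).decode("utf-8", "replace")
            cur.setdefault(attr.lower(), []).append(val.strip())
    return entries

def lockout_status(user_ldif, policy_ldif):
    """Classify the user entry (read after a failed BIND) against its policy entry."""
    users = parse_ldif(user_ldif)
    if not users:
        return "user-not-found"
    user = users[0]
    subentry = user.get("pwdpolicysubentry", [""])[0].lower()
    if not subentry:
        return "no-local-policy"
    # Simplification: DNs are compared as case-folded strings, not normalized DNs.
    policy = next((e for e in parse_ldif(policy_ldif) if e.get("dn", [""])[0].lower() == subentry), None)
    if policy is None:
        return "policy-entry-not-found"
    if policy.get("passwordlockout", ["off"])[0].lower() != "on":
        return "lockout-disabled"
    if "passwordretrycount" not in user:
        return "policy-not-applied"               # the symptom described above
    return "counting:" + user["passwordretrycount"][0]

# Constructed sample input modelled on the output above, with long lines folded.
SAMPLE_USER = ("dn: uid=demo_user,ou=people,dc=example,dc=com\n"
               'pwdpolicysubentry: cn="cn=nsPwPolicyEntry,ou=people,dc=example,dc=com",cn=nsP\n'
               " wPolicyContainer,ou=people,dc=example,dc=com\n")
SAMPLE_POLICY = ('dn: cn="cn=nsPwPolicyEntry,ou=people,dc=example,dc=com",cn=nsPwPolicyContaine\n'
                 " r,ou=people,dc=example,dc=com\n"
                 "passwordLockout: on\n")
```

Calling `lockout_status(SAMPLE_USER, SAMPLE_POLICY)` returns `policy-not-applied`, which matches the state shown above. Running ldapsearch with `-o ldif-wrap=no` avoids the folding at the source.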

Environment

Red Hat Directory Server 12
Red Hat Enterprise Linux 9
Red Hat Directory Server 11
Red Hat Enterprise Linux 8
