Hello,

I have enabled LDAP password policy in my OpenLDAP server and it locks out the account after several unsuccessful bind attempts. I am able to get the password policy response which says "Account locked" by specifying the '-e ppolicy' option in my ldapsearch command.

I am looking for a way to get a similar response when I use Dovecot so that I can specify my clients that their account is locked. I understand the security risks involved but mine is a low security and high usability requirement.

Please share the solution with me.

--
Thanks,
Sarguru
Timo Sirainen
2011-Jun-28 00:15 UTC
[Dovecot] Help regarding getting password policy response
On Mon, 2011-06-27 at 13:04 +0530, sarguru wrote:
> Hello,
> I have enabled ldap password policy in my open ldap server and it locks
> out the account after several unsuccessful bind attempts. I am able to
> get the password policy response which says "Account locked" by
> specifying '-e ppolicy' option in my ldapsearch command.
>
> I am looking for a way to get similar response when I use dovecot so
> that I can specify my clients that their account is locked. I understand
> the security risks involved but mine is low security and high usability
> requirement.

Maybe pam_ldap can report it as "password expired"? Dovecot forwards that info if PAM reports it. Other than that, you'd need to modify Dovecot's LDAP code.