396c932 Ticket #183 - passwordMaxFailure should lockout password one sooner - and should be configurable to avoid regressions

Authored and Committed by mreynolds 9 years ago
    Ticket #183 - passwordMaxFailure should lockout password one sooner - and should be configurable to avoid regressions
    
    Bug Description:  DS doesn't return error LDAP_CONSTRAINT_VIOLATION until after the retry limit is exceeded
    
    Fix Description:  DS has essentially locked the account, but we didn't log the error until
                      the next bind.  Added a new config option "passwordLegacyPolicy: on|off"
                      that will trigger the error LDAP_CONSTRAINT_VIOLATION, if "legacy" is off,
                      when the limit is actually reached.  The default is to continue to do
                      things the "old" way, or legacy "on".
    
    https://fedorahosted.org/389/ticket/183
    
    reviewed by: Noriko (Thanks!)
    
        
file modified
+30 -0
file modified
+1 -1
file modified
+23 -15
file modified
+9 -1
file modified
+2 -0