Re: Fwd: Openldap/authconfig authenticating multiple times
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: Fwd: Openldap/authconfig authenticating multiple times
- Date: Tue, 21 Nov 2017 22:00:08 +0100
On Tue, 2017-11-21 at 15:33 -0500, Dave Macias wrote:
> Basic background:
> 3 openldap servers with multimaster replication and
> ppolicy pwdMaxFailure: 6.
> When I try to authenticate to the Linux box nslcd authenticates to
> all 3 master servers which return 3 failures, which give you
> 3 pwdFailureTime attributes for the account. So after typing the
> password incorrectly twice, the user gets locked out.

This should be fixed in nss-pam-ldapd 0.9.8. The problem was that LDAP
failures generally would trigger a fail-over and retry to a second LDAP
server. This also happened for authentication failures.

The relevant change is here:
https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=d8ad7b127363d6d73ab1de6796886fda5eb07054

I don't think I have a workaround for this (apart from applying the
patch).

Kind regards,
--
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --
--
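
The lockout arithmetic from the thread above, as an added example that is not part of the original messages and is not nss-pam-ldapd code: a small C model of a client that fails over on every bind failure versus one that fails over on connection errors only. The struct, the function names and the simplified replication model (one shared failure counter) are assumptions made for illustration.

```c
#include <stdio.h>

/* 0 and 49 are LDAP resultCode values from RFC 4511; -1 is the client-side
   "server down" error code used by OpenLDAP's libldap. */
#define LDAP_SUCCESS 0
#define LDAP_INVALID_CREDENTIALS 49
#define LDAP_SERVER_DOWN (-1)
#define NUM_SERVERS 3      /* three multimaster servers, as in the report */
#define PWD_MAX_FAILURE 6  /* ppolicy pwdMaxFailure from the report */

/* Constructed model: replication makes every failed bind on any master
   show up as one more pwdFailureTime value on the account. */
struct directory { int failure_times; int up[NUM_SERVERS]; };

static int bind_to(struct directory *d, int server, int password_ok)
{
  if (!d->up[server]) return LDAP_SERVER_DOWN;
  if (d->failure_times >= PWD_MAX_FAILURE) return LDAP_INVALID_CREDENTIALS; /* locked */
  if (password_ok) return LDAP_SUCCESS;
  d->failure_times++;
  return LDAP_INVALID_CREDENTIALS;
}

/* One login attempt. retry_on_auth_failure=1 models failing over on any
   error; 0 stops at the first definitive answer about the password. */
static int authenticate(struct directory *d, int password_ok, int retry_on_auth_failure)
{
  int rc = LDAP_SERVER_DOWN;
  for (int i = 0; i < NUM_SERVERS; i++) {
    rc = bind_to(d, i, password_ok);
    if (rc == LDAP_SUCCESS) break;
    if (rc == LDAP_INVALID_CREDENTIALS && !retry_on_auth_failure) break;
  }
  return rc;
}

/* Wrong-password logins needed to reach pwdMaxFailure with all servers up. */
static int attempts_until_lockout(int retry_on_auth_failure)
{
  struct directory d = { 0, { 1, 1, 1 } };
  int attempts = 0;
  while (d.failure_times < PWD_MAX_FAILURE) {
    authenticate(&d, 0, retry_on_auth_failure);
    attempts++;
  }
  return attempts;
}

int main(void)
{
  printf("fail over on any error:        locked after %d attempts\n", attempts_until_lockout(1));
  printf("fail over on connection error: locked after %d attempts\n", attempts_until_lockout(0));
  return 0;
}
```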