Univention Bugzilla – Bug 47002
The ppolicy attributes can only be adjusted via ldapmodify
Last modified: 2021-05-03 21:41:04 CEST
We already have a SDB article how to activate ldap account locking. (https://help.univention.com/t/automatic-openldap-account-locking/6436) It would be an improvement, if the customer can adjust the attributes pwdMaxFailure and pwdMaxFailureCountInterval via UMC. At the moment he needs to adjust the values via ldapmodify.
It's also hard for customers (admins) to know and consider all the different mechanisms of password aging and lockout: * ppolicy for LDAP binds (via ldapmodify) * pam_tally for SSH (via UCR variables faillog/*) * Samba passwordsettings (via umc settings/sambadomain) * UDM policy pwhistory Admins should be supported to configure this correctly in one place (Bug #35809).