> > http://sunsolve.sun.com/search/document.do?assetkey=1-1-6216291-1&searchclause=6216291
>
> Document Audience: SPECTRUM
> Document ID: 6216291
> Title: passwordRetryCount does not get incremented when passwordResetFailureCount is set to 0
> Update Date: Mon Aug 29 00:00:00 MDT 2005
>
> Bug ID: 6216291
> Synopsis: passwordRetryCount does not get incremented when passwordResetFailureCount is set to 0
> Category: directory
> Subcategory: admin
> State: 10-Fix Delivered
>
> Description:
>
> Steps to reproduce:
>
> passwordRetryCount does not get incremented when passwordResetFailureCount is set to 0. This cannot be set to 0 using the console, however it can be set using ldapmodify.
>
> 1. set the password policy for domain
>
>    dn: cn=policy_usrs,o=red.iplanet.com,dc=red,dc=iplanet,dc=com
>    objectclass:top
>    objectclass:passwordPolicy
>    objectclass:LDAPsubentry
>    passwordCheckSyntax: on
>    passwordExp: on
>    passwordExpireWithoutWarning: on
>    passwordInHistory: 6
>    passwordMaxAge: 2592000
>    passwordMinAge: 0
>    passwordMinLength: 6
>    passwordRootDNMayBypassModsChecks: on
>    passwordStorageScheme: SSHA
>    passwordWarning: 864000
>    passwordLockout: on
>    passwordLockoutDuration: 0
>    passwordMaxFailure: 3
>    passwordResetFailureCount: 0
>    passwordUnlock: off
>
> 2. Set the user's password policy to the above policy
>
> 3. Do an invalid bind as that user and check for the passwordretrycount
>
>    #ldapsearch -p 1389 -D "uid=caffeine1, ou=People, o=red.iplanet.com, dc=red,dc=iplanet,dc=com" -w caffeine01 -b "ou=people,o=red.iplanet.com,dc=red,dc=iplanet,dc=com" uid=caffeine0
>    ldap_simple_bind: Invalid credential
>
>    #ldapsearch -p 1389 -D "cn=Directory Manager" -w password -b "ou=People, o=red.iplanet.com, dc=red,dc=iplanet,dc=com" uid=caffeine1 passwordRetryCount passwordResetFailureCount passwordHistory passwordUnlock passwordMaxFailure passwordInHistory passwordResetFailureCount
>    uid=caffeine1, ou=People, o=red.iplanet.com, dc=red,dc=iplanet,dc=com
>    passwordRetryCount=1
>
>    #ldapsearch -p 1389 -D "uid=caffeine1, ou=People, o=red.iplanet.com, dc=red,dc=iplanet,dc=com" -w caffeine01 -b "ou=people,o=red.iplanet.com,dc=red,dc=iplanet,dc=com" uid=caffeine0
>    ldap_simple_bind: Invalid credentials
>
>    #ldapsearch -p 1389 -D "cn=Directory Manager" -w password -b "ou=People, o=red.iplanet.com, dc=red,dc=iplanet,dc=com" uid=caffeine1 passwordRetryCount passwordUnlock passwordMaxFailure passwordInHistory passwordResetFailureCount
>    uid=caffeine1, ou=People, o=red.iplanet.com, dc=red,dc=iplanet,dc=com
>    passwordRetryCount=1
>
>    #ldapsearch -p 1389 -D "uid=caffeine1, ou=People, o=red.iplanet.com, dc=red,dc=iplanet,dc=com" -w caffeine01 -b "ou=people,o=red.iplanet.com,dc=red,dc=iplanet,dc=com" uid=caffeine0
>    ldap_simple_bind: Invalid credentials
>
>    #ldapsearch -p 1389 -D "cn=Directory Manager" -w password -b "ou=People, o=red.iplanet.com, dc=red,dc=iplanet,dc=com" uid=caffeine1 passwordRetryCount passwordUnlock passwordMaxFailure passwordInHistory passwordResetFailureCount
>    uid=caffeine1, ou=People, o=red.iplanet.com, dc=red,dc=iplanet,dc=com
>    passwordRetryCount=1
>
> xxxx@sun.com 2005-1-11 20:49:25 GMT
> xxxx@sun.com 2005-1-11 21:00:52 GMT
>
> Date Modified: 2005-01-11 21:00:53 GMT+00:00
>
> Work Around:
> Suggested Fix:
> Evaluation:
> Fixed by patch:
> Integrated in Build: 5.2patch4_bld03
> Duplicate of:
> Related Change Request(s):
>
> Date Modified: 2005-08-29 10:45:24 GMT+00:00
>
> Public Summary:
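
The check below is an added example, not part of the Sun bug report or of any Sun tooling: it scans an LDIF export of password policy entries for the combination the report describes, passwordLockout on together with passwordResetFailureCount set to 0, so that such policies can be reviewed on servers that predate the 5.2patch4_bld03 fix. The function names and the two example.com entries are assumptions made for illustration; only the first DN and the attribute names come from the report.

```python
import re

# Constructed sample export: the first entry reuses the policy DN from the
# report; the other two entries are made up for illustration.
SAMPLE = """\
dn: cn=policy_usrs,o=red.iplanet.com,dc=red,dc=iplanet,dc=com
objectclass:passwordPolicy
passwordLockout: on
passwordResetFailureCount: 0

dn: cn=policy_ok,dc=example,dc=com
objectclass: passwordPolicy
passwordLockout: on
passwordResetFailureCount: 600

dn: cn=policy_folded,ou=policies,
 dc=example,dc=com
objectClass: passwordPolicy
passwordlockout:ON
passwordResetFailureCount:0
"""

def parse_ldif(text):
    """Return a list of {lowercased attribute: [values]} dicts, one per entry."""
    text = re.sub(r"\r?\n ", "", text)            # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue                           # comment or unparsable line
            name, _, value = line.partition(":")   # base64 ("::") not decoded
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def lockout_with_zero_reset(entries):
    """DNs of passwordPolicy entries with lockout on and a reset count of 0."""
    hits = []
    for e in entries:
        classes = {v.lower() for v in e.get("objectclass", [])}
        lockout = e.get("passwordlockout", [""])[0].lower()
        reset = e.get("passwordresetfailurecount", [""])[0]
        if ("passwordpolicy" in classes and lockout == "on"
                and reset.isdigit() and int(reset) == 0):
            hits.append(e["dn"][0])
    return hits
```

Calling `lockout_with_zero_reset(parse_ldif(SAMPLE))` returns the DNs of the first and third policies; attribute names and the on/off value are matched case-insensitively, and the folded DN is rejoined before comparison.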