We're running a Policy Server. When a user logs in, the Policy
Server doesn't seem to apply the Password Policy: the account is
not locked and the user can still browse the Web Site.
How can we fix that?
Policy Server 12.8SP2 build 1992 on Linux;
LDAP User Store on ODSEE;
The Password Policy is configured as follows:
Directory: myCorporateUserStore
Password Policy applies to part of the Directory
| Setting | Value        |
|---------+--------------|
| Path    | c=mycountry  |
| Class   | Search Users |
When the Policy Server looks up the user with the filter c=mycountry,
the LDAP Server returns no entry. The Policy Server therefore cannot
apply the Password Policy and does not update the Disabled Flag:
[10/14/2020][12:59:29.429][12:59:29][34916][139798886967040][SmDsUser.cpp:95]
[CSmDsUser::CSmDsUser][][][][][][][][][][][][][][][][][][]
[About to initialize User 'cn=myuser,o=myteam,c=mycountry'
in dir 'myCorporateUserStore'][][Start of call InitUser.][][]
[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[10/14/2020][12:59:29.429][12:59:29][34916][139798886967040][SmDsUser.cpp:903]
[CSmDsUser::ResolvePolicyObject][][][][][][][][][][][][][][][][][][]
[Policy resolution for user: 'cn=myuser,o=myteam,c=mycountry',
filter: 'c=mycountry', type: 3, recursive: No][][Start of call HasRelationship.][][]
[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[10/14/2020][12:59:29.431][12:59:29][34916][139798886967040][SmDsLdapConnMgr.cpp:1218]
[CSmDsLdapConn::SearchExts][][][][][][][][][][][][][][][][][][][][]
[LDAP search of c=mycountry took 0 seconds and 1684 microseconds][][][][][][][][][][]
[][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[10/14/2020][12:59:29.431][12:59:29][34916][139798886967040][SmDsLdapProvider.cpp:2641]
[CSmDsLdapProvider::SearchCount][][][][][][][][][][][][][][][][][][]
[(SearchCount) Base: 'cn=myuser,o=myteam,c=mycountry',
Filter: 'c=mycountry'. Status: 0 entries][][Ldap SearchCount callout succeeds.][][][]
[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
Investigate with the LDAP Administrator why the LDAP request
returns 0 entries:
'cn=myuser,o=myteam,c=mycountry', Filter: 'c=mycountry'. Status: 0 entries
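To find every login affected by this in a trace file rather than reading records by hand, the following added example (not part of the original article or of the product) pairs each ResolvePolicyObject record with its SearchCount result and reports the lookups that returned 0 entries. The function name is hypothetical, the sample trace is constructed from the records shown above, and the "Status: 1 entries" record is an assumed format for a successful match.

```python
import re

# Constructed sample modelled on the records above; "Status: 1 entries" is an assumed format.
SAMPLE_TRACE = """\
[10/14/2020][12:59:29.429][12:59:29][34916][139798886967040][SmDsUser.cpp:903]
[CSmDsUser::ResolvePolicyObject][][]
[Policy resolution for user: 'cn=myuser,o=myteam,c=mycountry',
filter: 'c=mycountry', type: 3, recursive: No][][Start of call HasRelationship.][][]
[10/14/2020][12:59:29.431][12:59:29][34916][139798886967040][SmDsLdapProvider.cpp:2641]
[CSmDsLdapProvider::SearchCount][][]
[(SearchCount) Base: 'cn=myuser,o=myteam,c=mycountry',
Filter: 'c=mycountry'. Status: 0 entries][][Ldap SearchCount callout succeeds.][][]
[10/14/2020][13:02:10.100][13:02:10][34916][139798886967040][SmDsUser.cpp:903]
[CSmDsUser::ResolvePolicyObject][][]
[Policy resolution for user: 'cn=other,o=myteam,c=mycountry',
filter: 'objectclass=person', type: 3, recursive: No][][Start of call HasRelationship.][][]
[10/14/2020][13:02:10.102][13:02:10][34916][139798886967040][SmDsLdapProvider.cpp:2641]
[CSmDsLdapProvider::SearchCount][][]
[(SearchCount) Base: 'cn=other,o=myteam,c=mycountry',
Filter: 'objectclass=person'. Status: 1 entries][][Ldap SearchCount callout succeeds.][][]
"""

# \s* lets a record match whether it sits on one line or is wrapped as above.
RESOLVE = re.compile(r"Policy resolution for user: '([^']*)',\s*filter: '([^']*)'")
COUNT = re.compile(
    r"\(SearchCount\) Base: '([^']*)',\s*Filter: '([^']*)'\.\s*Status: (\d+) entries")
STAMP = re.compile(r"\[(\d\d/\d\d/\d{4})\]\[(\d\d:\d\d:\d\d\.\d{3})\]")

def unmatched_policy_lookups(trace):
    """Return (timestamp, user DN, filter) for every policy resolution whose
    follow-up SearchCount reported 0 entries."""
    events = [(m.start(), "resolve", m) for m in RESOLVE.finditer(trace)]
    events += [(m.start(), "count", m) for m in COUNT.finditer(trace)]
    pending, findings = set(), []
    for pos, kind, m in sorted(events, key=lambda e: e[0]):
        key = (m.group(1), m.group(2))
        if kind == "resolve":
            pending.add(key)            # remember the (user DN, filter) being resolved
        elif key in pending:            # SearchCount that answers a pending resolution
            pending.discard(key)
            if int(m.group(3)) == 0:
                stamps = STAMP.findall(trace[:pos])
                when = " ".join(stamps[-1]) if stamps else "unknown"
                findings.append((when, *key))
    return findings

if __name__ == "__main__":
    for when, dn, flt in unmatched_policy_lookups(SAMPLE_TRACE):
        print(f"{when}  no entry for filter '{flt}' at base '{dn}'")
```

Each reported pair of base DN and filter is what to hand to the LDAP Administrator for the investigation described above.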