m.dn = ldb.Dn(self.rwdc_db, group)
m['member'] = ldb.MessageElement(userdn, ldb.FLAG_MOD_ADD, 'member')
self.rwdc_db.modify(m)
+ m = ldb.Message()
+ m.dn = ldb.Dn(self.ldb, self.base_dn)
+
+ self.account_lockout_duration = 15
+ account_lockout_duration_ticks = -int(self.account_lockout_duration * (1e7))
+
+ m["lockoutDuration"] = ldb.MessageElement(str(account_lockout_duration_ticks),
+ ldb.FLAG_MOD_REPLACE,
+ "lockoutDuration")
+
+ self.lockout_observation_window = 15
+ lockout_observation_window_ticks = -int(self.lockout_observation_window * (1e7))
+
+ m["lockOutObservationWindow"] = ldb.MessageElement(str(lockout_observation_window_ticks),
+ ldb.FLAG_MOD_REPLACE,
+ "lockOutObservationWindow")
+
+ self.rwdc_db.modify(m)
+ self.force_replication()
self._test_login_lockout_rodc_rwdc(self.lockout1ntlm_creds, userdn)
msDSUserAccountControlComputed=dsdb.UF_LOCKOUT)
# wait for the lockout to end
- time.sleep(self.account_lockout_duration + 1)
- print(self.account_lockout_duration + 1)
+ time.sleep(self.account_lockout_duration + 5)
+ print(self.account_lockout_duration + 5)
res = self._check_account(userdn,
badPwdCount=3, effective_bad_password_count=0,
creds_lockout2 = self.insta_creds(creds_lockout)
ldb_lockout = SamDB(url=self.host_url, credentials=creds_lockout2, lp=self.lp)
- time.sleep(3)
+ time.sleep(3*5)
res = self._check_account(userdn,
badPwdCount=0,