
Re: (ITS#5040) modifyTimestamp being updated on login (bind) failure



I'd defer to those with more expertise, but my vote is to avoid changing 
the modifyTimestamp attribute.  That attribute should be updated only 
when an ldapmodify operation is performed.

I'm not familiar with the specifications, and perhaps this isn't 
addressed there.  My intuition suggests that it shouldn't be modified by 
operations that are not directly under the control of the user or 
administrator.

Dan

Howard Chu wrote:
> dan.cushing@netideasinc.com wrote:
>> Full_Name: Dan Cushing
>> Version: 2.3.36
>> OS: Solaris 9
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (71.76.187.82)
>>
>>
>> When running OpenLDAP with the ppolicy overlay, the modifyTimestamp for a user
>> entry is updated if the user attempts to login (bind) with an incorrect
>> password.  This is happening because the password lockout feature is enabled and
>> the operational attribute 'pwdFailureTime' is being updated.  It seems like this
>> results in a misleading modifyTimestamp.  Is it intended that the
>> modifyTimestamp attribute be updated when operational attributes are updated?
>
> Hadn't really thought about it before. We can certainly avoid this though.

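An added example, not part of the thread and not OpenLDAP code: a Python check an auditor could run over exported entries to spot a modifyTimestamp that merely reflects a failed bind recorded by ppolicy, as described in the report above. It assumes unfolded LDIF with plain (non-base64) values, and that the ppolicy write stamps modifyTimestamp within a couple of seconds of the newest pwdFailureTime value; the sample entries and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample (not from the thread): LDIF as returned when
# modifyTimestamp and pwdFailureTime are requested explicitly.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
modifyTimestamp: 20070704101502Z
pwdFailureTime: 20070704101455Z
pwdFailureTime: 20070704101502Z

dn: uid=bob,ou=people,dc=example,dc=com
modifyTimestamp: 20070701083000Z
pwdFailureTime: 20070620140000Z

dn: uid=carol,ou=people,dc=example,dc=com
modifyTimestamp: 20070702090000Z
"""

def parse_gtime(value):
    """Parse UTC GeneralizedTime, with or without a fractional part."""
    whole = value.rstrip("Z").split(".")[0]
    return datetime.strptime(whole, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def parse_entries(ldif):
    """Yield (dn, {lowercased attr: [values]}) per blank-line-separated entry."""
    for block in ldif.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        if dn:
            yield dn, attrs

def bind_failure_stamped(ldif, tolerance=timedelta(seconds=2)):
    """Return DNs whose modifyTimestamp coincides with their newest pwdFailureTime."""
    flagged = []
    for dn, attrs in parse_entries(ldif):
        failures = attrs.get("pwdfailuretime")
        modified = attrs.get("modifytimestamp")
        if not failures or not modified:
            continue  # no recorded failures, so nothing to attribute
        newest = max(parse_gtime(v) for v in failures)
        if abs(parse_gtime(modified[0]) - newest) <= tolerance:
            flagged.append(dn)
    return flagged

if __name__ == "__main__":
    for dn in bind_failure_stamped(SAMPLE_LDIF):
        print("modifyTimestamp likely set by a failed bind:", dn)
```

The check only sees failures still stored on the entry, so it says nothing about entries whose pwdFailureTime values have since been cleared.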