
Re: (ITS#6830) slapo-ppolicy.5 has incorrect schema fragments



Andrew Findlay wrote:
> On Thu, Jun 09, 2011 at 01:45:17AM -0700, Howard Chu wrote:
>
>> I note that in ppolicy.c we have:
>>
>>      {   "( 1.3.6.1.4.1.42.2.27.8.1.17 "
>>          "NAME ( 'pwdAccountLockedTime' ) "
>>          "DESC 'The time an user account was locked' "
>>          "EQUALITY generalizedTimeMatch "
>>          "ORDERING generalizedTimeOrderingMatch "
>>          "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
>>          "SINGLE-VALUE "
>> #if 0
>>          /* Not until Relax control is released */
>>          "NO-USER-MODIFICATION "
>> #endif
>>          "USAGE directoryOperation )",
>>
>> We have in fact released support for the Relax control, so it's
>> probably time to unifdef these bits and go back to the documented
>> behavior.
>
> That seems reasonable in the long term, though it will break many sites'
> existing password management procedures. The change will have to be
> mentioned in the updated manpage, noting the version at which it takes
> effect.
>
> Should I produce an updated version of the manpage patch?

Well, since you raise the question, what do you think is the more sensible
approach to all of this? I was the one who argued in ldapext that these 
attributes should be no-user-modification but perhaps that makes them too 
inconvenient to administer.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
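
The difference this thread turns on, between the attribute definition slapd actually loads and the one with the `#if 0` line enabled, can be checked mechanically. The following is an added example, not code from OpenLDAP or from either poster: it parses two RFC 4512 attribute type definitions and reports the fields that differ. `DOCUMENTED` is constructed here from the quoted fragment, and the function names are hypothetical.

```python
import re

# Definition quoted above from ppolicy.c, as built with the "#if 0" block excluded.
COMPILED = (
    "( 1.3.6.1.4.1.42.2.27.8.1.17 NAME ( 'pwdAccountLockedTime' ) "
    "DESC 'The time an user account was locked' "
    "EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch "
    "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE "
    "USAGE directoryOperation )"
)
# Constructed for this example: the same definition with the "#if 0" line enabled.
DOCUMENTED = COMPILED.replace("SINGLE-VALUE ", "SINGLE-VALUE NO-USER-MODIFICATION ")

FLAGS = {"OBSOLETE", "SINGLE-VALUE", "COLLECTIVE", "NO-USER-MODIFICATION"}
VALUED = {"NAME", "DESC", "SUP", "EQUALITY", "ORDERING", "SUBSTR", "SYNTAX", "USAGE"}
TOKEN = re.compile(r"'[^']*'|[()]|[^\s()']+")

def parse_attribute_type(text):
    """Parse an RFC 4512 AttributeTypeDescription into a dict of its fields."""
    toks = TOKEN.findall(text)
    if len(toks) < 3 or toks[0] != "(" or toks[-1] != ")":
        raise ValueError("definition must be enclosed in parentheses")
    out, i, end = {"OID": (toks[1],), "flags": set()}, 2, len(toks) - 1
    while i < end:
        key = toks[i]
        if key in FLAGS:
            out["flags"].add(key)
            i += 1
        elif key in VALUED and i + 1 < end:
            if toks[i + 1] == "(":  # parenthesised list, e.g. NAME ( 'a' 'b' )
                close = toks.index(")", i + 2)
                out[key] = tuple(t.strip("'") for t in toks[i + 2:close])
                i = close + 1
            else:
                out[key] = (toks[i + 1].strip("'"),)
                i += 2
        else:
            raise ValueError("unexpected or incomplete token: " + key)
    return out

def schema_drift(a, b):
    """Return {field: (value_in_a, value_in_b)} for every field that differs."""
    pa, pb = parse_attribute_type(a), parse_attribute_type(b)
    return {k: (pa.get(k), pb.get(k)) for k in set(pa) | set(pb) if pa.get(k) != pb.get(k)}

def user_modifiable(definition):
    """True when the schema itself does not forbid client writes (ACLs still apply)."""
    return "NO-USER-MODIFICATION" not in parse_attribute_type(definition)["flags"]
```

Running `schema_drift` over the definition in a manual page and the one read back from a live server's subschema entry shows whether unlock procedures that write `pwdAccountLockedTime` directly will keep working after an upgrade.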