[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy.c module doesn't respect Draft policy

To: LABICHE Alexandre <alexandrelabiche@hotmail.com>
Subject: Re: ppolicy.c module doesn't respect Draft policy
From: Howard Chu <hyc@symas.com>
Date: Mon, 02 Oct 2006 14:54:20 -0700
Cc: openldap-software@openldap.org
In-reply-to: <BAY106-F4E9AB79FB129E09336025CB1F0@phx.gbl>
References: <BAY106-F4E9AB79FB129E09336025CB1F0@phx.gbl>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060911 Netscape/7.2 (ax) Firefox/1.5 SeaMonkey/1.5a

You should submit this to the ITS.

LABICHE Alexandre wrote:

Hello,
draft-behera-ldap-password-policy-xx.txt    says:
5.3.2  pwdChangedTime
  This attribute specifies the last time the entry's password was
  changed.  This is used by the password expiration policy.  If this
  attribute does not exist, the password will never expire.
And ppolicy.c overlay  says  contrary
/* * Hmm. No password changed time on the * entry. This is odd - it should have * been provided when the attribute was added. * * However, it's possible that it could be * missing if the DIT was established via * an import process. */ Debug( LDAP_DEBUG_ANY, "ppolicy_bind: Entry %s does not have valid pwdChangedTime attribute - assuming password expired\n", e->e_name.bv_val, 0, 0);

pwExpired = 1;


--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/

References:
- ppolicy.c module doesn't respect Draft policy
  - From: "LABICHE Alexandre" <alexandrelabiche@hotmail.com>

Prev by Date: HOWTO bind with uid only (short name)
Next by Date: Re: HOWTO bind with uid only (short name)
Index(es):
- Chronological
- Thread