[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: toubles using ppolicy to lock account

To: Guillaume Rousse <Guillaume.Rousse@inria.fr>
Subject: Re: toubles using ppolicy to lock account
From: Andreas Hasenack <ahasenack@terra.com.br>
Date: Wed, 26 Sep 2007 17:20:49 -0300
Cc: openldap-software@openldap.org
In-reply-to: <46FA76E1.6010306@inria.fr>
References: <46FA76E1.6010306@inria.fr>

Em Qua, 2007-09-26 Ãs 17:12 +0200, Guillaume Rousse escreveu:
> So, I set up a very minimal default password policy object, as it seems
> to be quite mandatory:
> dn: cn=default,ou=policies,dc=futurs,dc=inria,dc=fr
> cn: default
> objectClass: pwdPolicy
> objectClass: organizationalRole
> pwdAttribute: userPassword
> pwdMaxAge: 0
> pwdInHistory: 0
> pwdCheckQuality: 0
> 
> Then I tried to add a pwdAccountLockedTime attribute to a user:
> dn: uid=rousse,ou=saclay,ou=futurs,ou=users,dc=futurs,dc=inria,dc=fr
> changetype: modify
> add: pwdAccountLockedTime
> pwdAccountLockedTime: 0
> 
> Error: pwdAccountLockedTime: value #0 invalid per syntax

The syntax is wrong. Try this value:
pwdAccountLockedTime: 000001010000Z

>From the slapo-ppolicy manpage:
"If pwdAccountLockedTime is set to 000001010000Z, the user's account has
been permanently locked and may only be unlocked by an administrator."

Follow-Ups:
- Re: toubles using ppolicy to lock account
  - From: Guillaume Rousse <Guillaume.Rousse@inria.fr>

References:
- toubles using ppolicy to lock account
  - From: Guillaume Rousse <Guillaume.Rousse@inria.fr>

Prev by Date: Re: Links about integration
Next by Date: Rewrite searchDN based on searchFilter
Index(es):
- Chronological
- Thread