[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldapext] Password Policy operational attributes

To: Jim Sermersheim <jimse@novell.com>
Subject: Re: [ldapext] Password Policy operational attributes
From: Michael Ströder <michael@stroeder.com>
Date: Tue, 23 Nov 2004 07:57:14 +0100
Cc: ldapext@ietf.org
In-reply-to: <s1a1abf4.063@sinclair.provo.novell.com>
References: <s1a1abf4.063@sinclair.provo.novell.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040913

Jim Sermersheim wrote:

I also prefer that when these attributes are updates, that the modification tracking attributes (modifyTimeStamp, modifyCSN, version, whatever) are updated,

I disagree strongly here. You'd loose very valuable information about who did the last administrative changes to an entry.

IMO modification of password policy state information SHOULD NOT update 'modifyTimeStamp' and 'modifiersName'. Attributes used for replication SHOULD be updated off course ('modifyCSN' looks like such an attribute).

Likely we could remind server implementors to do whatever is needed to cause replication to properly happen.

+1

Ciao, Michael.

_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext

Follow-Ups:
- Re: [ldapext] Password Policy operational attributes
  - From: John McMeeking <jmcmeek@us.ibm.com>

References:
- Re: [ldapext] Password Policy operational attributes
  - From: "Jim Sermersheim" <jimse@novell.com>

Prev by Date: Re: [ldapext] referencing one LDIF file from another
Next by Date: Re: [ldapext] Password Policy operational attributes
Index(es):
- Chronological
- Thread