[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldapext] Password Policy operational attributes

To: ldapext@ietf.org
Subject: Re: [ldapext] Password Policy operational attributes
From: John McMeeking <jmcmeek@us.ibm.com>
Date: Tue, 23 Nov 2004 06:39:15 -0600
In-reply-to: <41A2DF4A.5090406@stroeder.com>

Jim Sermersheim <jimse@novell.com> wrote on 11/23/2004 12:57:14 AM:

> Jim Sermersheim wrote:
> >
> > I also prefer that when these attributes are updates, that the
> > modification tracking attributes (modifyTimeStamp, modifyCSN, version,
> > whatever) are updated,
>
> I disagree strongly here. You'd loose very valuable information about
> who did the last administrative changes to an entry.
>
> IMO modification of password policy state information SHOULD NOT update
> 'modifyTimeStamp' and 'modifiersName'. Attributes used for replication
> SHOULD be updated off course ('modifyCSN' looks like such an attribute).

I took Jim's comment as meaning that when the password policy attributes
are directly modified by a client (e.g. the attributes are part of a modify
request), modifyTimestamp, etc. should be updated.  I don't think he was
suggesting that modifyTimestamp should be set as a result of a bind
failure, and my first reaction is that a failed bind should not update
modifyTimestamp.

>
> > Likely we could remind server
> > implementors to do whatever is needed to cause replication to properly
> > happen.
>
> +1
>
> Ciao, Michael.
>
> _______________________________________________
> Ldapext mailing list
> Ldapext@ietf.org
> https://www1.ietf.org/mailman/listinfo/ldapext

John  McMeeking

_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext

References:
- Re: [ldapext] Password Policy operational attributes
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: [ldapext] Password Policy operational attributes
Index(es):
- Chronological
- Thread