[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4978) slapo-ppolicy.5 and missing Zero value example



On Mon, May 21, 2007 at 09:25:23PM +0000, ghenry@OpenLDAP.org wrote:
> draft-behera-ldap-password-policy-xx.txt and ppolicy.schema list:
> 
> "A 000001010000Z value means that the account has been locked permanently, and
> that only a password administrator can unlock the account."
> 
> But pwdAccountLockedTime doesn't use integerMatch, so an example of the above
> syntax is needed with anything that has a generalizedTimeMatch. I think
> pwdAccountLockedTime is the only one?

The slapo-ppolicy(5) manpage is actually misleading. It implies that
the value is a plain zero, which doesn't work:
"If pwdAccountLockedTime is set to zero (0), the user's account (...)"