[Date Prev][Date Next]
Re: (ITS#5579) Interaction of ppolicy attributes
Andrew Findlay wrote:
> Indeed, though draft-behera-ldap-password-policy-xx.txt is a bit unclear
> on the subject of that attribute:
> 5.3.3 pwdAccountLockedTime
> The current implementation does allow
> admins to set the value, which appears to be the only way to
> lock/unlock an account without changing the password.
The current implementation allows pretty much anybody to set the attribute.
It's intended that it can only be set when using the Relax Constraints control.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/