[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6084) ppolicy should allow scheduled password expiration



Full_Name: Guillaume Rousse
Version: 2.4.16
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (195.83.212.136)


Current ppolicy implementation allows to administratively lock a password, by
setting pwdAccountLockedTime attribute to '000001010000Z' value. However,
despite this value actually being a generalized date, setting it to any other
date in the future doesn't work as expected. Moreover, this is an operational
attribute, which is primarily supposed to be handled by slapd itself.

As a consequence, a normal pwdExpirationDate attribute, which itself would set
a
 boolean operational attribute pwdExpired attribute to a true value, would be
desirable.