Re: (ITS#6084) ppolicy should allow scheduled password expiration
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#6084) ppolicy should allow scheduled password expiration
- From: hyc@symas.com
- Date: Thu, 30 Apr 2009 10:35:18 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Guillaume.Rousse@inria.fr wrote:
> Full_Name: Guillaume Rousse
> Version: 2.4.16
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (195.83.212.136)
>
>
> The current ppolicy implementation allows administratively locking a password by
> setting the pwdAccountLockedTime attribute to the value '000001010000Z'. However,
> despite this value actually being a generalized date, setting it to any other
> date in the future doesn't work as expected. Moreover, this is an operational
> attribute, which is primarily supposed to be handled by slapd itself.
>
> As a consequence, a normal pwdExpirationDate attribute, which itself would set
> a boolean operational pwdExpired attribute to a true value, would be
> desirable.
Since the ppolicy module's behavior is dictated by the Behera draft, any
suggestions for changes in this area should probably first be raised on the
ietf-ldapext mailing list.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/