[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6084) ppolicy should allow scheduled password expiration



Guillaume.Rousse@inria.fr wrote:
> Full_Name: Guillaume Rousse
> Version: 2.4.16
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (195.83.212.136)
>
>
> Current ppolicy implementation allows to administratively lock a password, by
> setting pwdAccountLockedTime attribute to '000001010000Z' value. However,
> despite this value actually being a generalized date, setting it to any other
> date in the future doesn't work as expected. Moreover, this is an operational
> attribute, which is primarily supposed to be handled by slapd itself.
>
> As a consequence, a normal pwdExpirationDate attribute, which itself would set
> a
>   boolean operational attribute pwdExpired attribute to a true value, would be
> desirable.

Since the ppolicy module's behavior is dictated by the Behera draft, any 
suggestions for changes in this area should probably first be raised on the 
ietf-ldapext mailing list.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/