[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6084) ppolicy should allow scheduled password expiration

Guillaume.Rousse@inria.fr wrote:
> Full_Name: Guillaume Rousse
> Version: 2.4.16
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (
> Current ppolicy implementation allows to administratively lock a password, by
> setting pwdAccountLockedTime attribute to '000001010000Z' value. However,
> despite this value actually being a generalized date, setting it to any other
> date in the future doesn't work as expected. Moreover, this is an operational
> attribute, which is primarily supposed to be handled by slapd itself.
> As a consequence, a normal pwdExpirationDate attribute, which itself would set
> a
>   boolean operational attribute pwdExpired attribute to a true value, would be
> desirable.

Since the ppolicy module's behavior is dictated by the Behera draft, any 
suggestions for changes in this area should probably first be raised on the 
ietf-ldapext mailing list.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/