Re: (ITS#7089) ppolicy adds PWDFAILURETIME to organizationalUnit


- Says this should be supported via attribute SubtreeSpecification
  in the pwdPolicy subentry.

  I think OpenLDAP does not support this attribute, it accepts it but
  does not do anything.

- Leaves room to make the requested behavior configurable in cn=config,
  or for that matter make it the default:

  The draft mostly says ppolicy applies to "user entries".  Browsing
  it quickly, I don't see it define what that means, nor consider the
  existence of non-user entries.  A config attribute could define that.

I don't know if anyone will bother to implement this (patches welcome)
but I don't see a formal problem with whether it could/should be done.