(ITS#7788) pwdFailureTime and pwdChangedTime registered in user entry even if no ppolicy associated with the entry
- To: openldap-its@OpenLDAP.org
- Subject: (ITS#7788) pwdFailureTime and pwdChangedTime registered in user entry even if no ppolicy associated with the entry
- From: email@example.com
- Date: Thu, 16 Jan 2014 16:53:46 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Full_Name: Clement OUDOT
Submission from: (NULL) (188.8.131.52)
I have configured a ppolicy overlay without an olcPPolicyDefault value. So I use
pwdPolicySubentry in user entries to bind them to their policy configuration.
The ppolicy overlay is compiled into slapd, not as a module. I use the LTB package.
If I create an account without pwdPolicySubentry, the attributes pwdChangedTime
and pwdFailureTime are generated for this entry. And as the entry is never
locked (which is a normal behavior, fixed in
http://www.openldap.org/its/index.cgi?findid=6168), the number of values in
pwdFailureTime can grow indefinitely.
IMHO, no ppolicy operational attributes should be present in an entry not linked
to a password policy.
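
For administrators who want to check whether their directory is affected, the following added example (not part of the original report and not OpenLDAP code) scans an LDIF export for entries that carry pwdFailureTime or pwdChangedTime but no pwdPolicySubentry, and counts the accumulated failure values. It assumes, as in the report, that no default policy is configured, so a missing pwdPolicySubentry means no policy applies; the function names and the sample entries are constructed for illustration.

```python
PPOLICY_STATE = ("pwdfailuretime", "pwdchangedtime")

def parse_ldif(text):
    """Yield {attr_lower: [values]} per entry, unfolding wrapped lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # LDIF continuation line
        else:
            lines.append(raw)
    entry = {}
    for line in lines + [""]:                 # trailing "" flushes last entry
        if not line.strip():
            if entry:
                yield entry
            entry = {}
        elif not line.startswith("#") and ":" in line:
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.lstrip(": "))

def orphaned_ppolicy_state(text):
    """Return (dn, pwdFailureTime count, has pwdChangedTime) per unbound entry."""
    findings = []
    for e in parse_ldif(text):
        if "pwdpolicysubentry" in e or not any(a in e for a in PPOLICY_STATE):
            continue                          # bound to a policy, or no state
        findings.append((e.get("dn", ["?"])[0], len(e.get("pwdfailuretime", [])),
                         "pwdchangedtime" in e))
    return findings

# Constructed sample: LDIF search output with operational attributes included.
SAMPLE = """\
dn: uid=alice,ou=people,dc=example,dc=com
pwdPolicySubentry: cn=default,ou=policies,dc=example,dc=com
pwdChangedTime: 20140116160000Z
pwdFailureTime: 20140116161000Z

# constructed entry with no policy bound, DN folded across two lines
dn: uid=bob,ou=people,dc=example,
 dc=com
pwdChangedTime: 20140116160500Z
pwdFailureTime: 20140116161100Z
pwdFailureTime: 20140116161200Z
pwdFailureTime: 20140116161300Z
"""

if __name__ == "__main__":
    for dn, failures, changed in orphaned_ppolicy_state(SAMPLE):
        print(f"{dn}: pwdFailureTime x{failures}, pwdChangedTime={changed}")
```

Sorting the findings by the pwdFailureTime count shows which unbound entries have grown the most.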