(ITS#7788) pwdFailureTime and pwdChangedTime registered in user entry even if no ppolicy associated with the entry
- To: openldap-its@OpenLDAP.org
- Subject: (ITS#7788) pwdFailureTime and pwdChangedTime registered in user entry even if no ppolicy associated with the entry
- From: coudot@linagora.com
- Date: Thu, 16 Jan 2014 16:53:46 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Full_Name: Clement OUDOT
Version: 2.4.38
OS: GNU/Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (83.145.72.122)
Hi,
I have configured a ppolicy overlay without an olcPPolicyDefault value. So I use
pwdPolicySubentry in user entries to bind them to their policy configuration
entry.
The ppolicy overlay is compiled into slapd, not as a module. I use the LTB package.
If I create an account without pwdPolicySubentry, the attributes pwdChangedTime
and pwdFailureTime are generated for this entry. And as the entry is never
locked (which is a normal behavior, fixed in
http://www.openldap.org/its/index.cgi?findid=6168), the number of values in
pwdFailureTime can grow indefinitely.
IMHO, no ppolicy operational attributes should be present in an entry not linked
to a password policy.
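
A check for the condition this report describes, added here as an example and not part of the original report or of OpenLDAP: it scans an LDIF export for entries that carry pwdChangedTime or pwdFailureTime but no pwdPolicySubentry, and counts the values. It assumes, as in the report, that no olcPPolicyDefault is set and that the export was made with the operational attributes requested by name; `parse_ldif`, `find_unbound_state` and the sample entries are constructed for illustration.

```python
# Added example; assumes no olcPPolicyDefault, so no pwdPolicySubentry means no policy.
PPOLICY_STATE = ("pwdchangedtime", "pwdfailuretime")

def parse_ldif(text):
    """Yield (dn, {attr_lowercase: [values]}) per record; base64 values stay encoded."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold LDIF continuation line
        else:
            lines.append(raw)
    dn, attrs = None, {}
    for line in lines + [""]:             # trailing "" flushes the last record
        if not line.strip():
            if dn is not None:
                yield dn, attrs
            dn, attrs = None, {}
            continue
        name, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue                      # comment or malformed line
        value = value.lstrip(":<").strip()
        if name.lower() == "dn":
            dn = value
        elif dn is not None:              # ignores "version: 1" before the first dn
            attrs.setdefault(name.lower(), []).append(value)

def find_unbound_state(text):
    """Return [(dn, {state_attr: value_count})] for entries with no pwdPolicySubentry."""
    hits = []
    for dn, attrs in parse_ldif(text):
        counts = {a: len(attrs[a]) for a in PPOLICY_STATE if a in attrs}
        if counts and "pwdpolicysubentry" not in attrs:
            hits.append((dn, counts))
    return hits

# Constructed sample export (not taken from the report).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
pwdPolicySubentry: cn=default,ou=policies,dc=example,dc=com
pwdFailureTime: 20140116165001Z

dn: uid=bob,ou=people,
 dc=example,dc=com
pwdChangedTime: 20140112101500Z
pwdFailureTime: 20140116165101Z
pwdFailureTime: 20140116165102Z
pwdFailureTime: 20140116165103Z
"""
```

Calling `find_unbound_state(SAMPLE_LDIF)` flags only the bob entry; a pwdFailureTime count that keeps rising between exports shows the unbounded growth described above.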