[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8285) RFE slapo-ppolicy: fall back to createTimestamp

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8285) RFE slapo-ppolicy: fall back to createTimestamp
From: hyc@symas.com
Date: Wed, 21 Oct 2015 17:40:29 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

michael@stroeder.com wrote:
> Full_Name: Michael Str.der
> Version:
> OS:
> URL:
> Submission from: (NULL) (213.240.180.113)
>
>
> If pwdMaxAge is set in a pwdPolicy entry but the user's entry does not contain
> pwdChangedTime attribute createTimestamp should be used instead to determine
> whether password is expired or not.
>
> The case above can happen if there are already existing entries with
> userPassword and slapo-ppolicy gets installed and activated later.
>

No. The spec says for pwdChangedTime "If this attribute does not exist, the 
password will never expire."

Closing this ITS.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: (ITS#8285) RFE slapo-ppolicy: fall back to createTimestamp
Next by Date: (ITS#8286) Add missing matching rule for olcMirrorMode
Index(es):
- Chronological
- Thread