[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8762) Unlocking an account doesn't remove pwdFailureTime

mihai.munteanu@thalesgroup.com wrote:
> Scenario: 
> 0. we have configured that after 3 login failed attempts, the account to be
> locked.
> 1. user test1 fails to login 3 times -> account is locked

Please provide the password policy as LDIF.

> 2. admin unlocks test1's account and notify test1 user

Which exact LDAP operation is done when "admin unlocks test1's account".
Are you just removing 'pwdAccountLockedTime'?

I'm asking because there might be a misunderstanding how that is
supposed to work. In this case it's an usage question better to be
discussed on openldap-technical mailing list.

Ciao, Michael.