[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8762) Unlocking an account doesn't remove pwdFailureTime

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8762) Unlocking an account doesn't remove pwdFailureTime
From: michael@stroeder.com
Date: Fri, 27 Oct 2017 08:52:44 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

mihai.munteanu@thalesgroup.com wrote:
> Scenario: 
> 0. we have configured that after 3 login failed attempts, the account to be
> locked.
> 1. user test1 fails to login 3 times -> account is locked

Please provide the password policy as LDIF.

> 2. admin unlocks test1's account and notify test1 user

Which exact LDAP operation is done when "admin unlocks test1's account".
Are you just removing 'pwdAccountLockedTime'?

I'm asking because there might be a misunderstanding how that is
supposed to work. In this case it's an usage question better to be
discussed on openldap-technical mailing list.

Ciao, Michael.

Prev by Date: (ITS#8762) Unlocking an account doesn't remove pwdFailureTime
Next by Date: RE: [EXTERNAL] (ITS#8762) Unlocking an account doesn't remove pwdFailureTime
Index(es):
- Chronological
- Thread