[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy and Access Control to operational Attributes

On Wednesday 06 April 2005 12:54, Howard Chu wrote:
> This is also ITS#3573. Yes, I believe those operational attributes
> need to be marked NO-USER-MODIFICATION but since the draft 7 spec
> doesn't define them this way, I haven't made the change. The same
> problem still remains in the draft 8 spec.

I am currently trying to prepare a patch (will submit an ITS later 
today) to update the overlay code to the draft 8 spec. Here a brief 
overview of the changes that I found:

- "pwdGraceLoginLimit" is now "pwdGraceAuthNLimit"
- "pwdExpirationWarned" does no longer exist
- Result codes for password update operations have been changed from
  "unwillingToPerform" to "insufficientAccessRights"

> http://www.watersprings.org/pub/id/draft-behera-ldap-password-policy-
> I believe making this change may cause other problems in a
> replication environment, but I don't remember the details. At any
> rate, there are lots of undefined/unspecified behaviors wrt
> replication here.

	Ralf Haferkamp
SUSE LINUX Products GmbH, Maxfeldstrasse 5, D-90409 Nuernberg
T: +49-911-74053-0
F: +49-911-74053575 - Ralf.Haferkamp@suse.com