[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy and Access Control to operational Attributes

To: openldap-devel@OpenLDAP.org
Subject: Re: ppolicy and Access Control to operational Attributes
From: Ralf Haferkamp <rhafer@suse.de>
Date: Tue, 12 Apr 2005 17:52:39 +0200
Cc: Howard Chu <hyc@symas.com>
Content-disposition: inline
In-reply-to: <4253BFE7.2020303@symas.com>
References: <200504061154.04889.rhafer@suse.de> <4253BFE7.2020303@symas.com>
User-agent: KMail/1.8

On Wednesday 06 April 2005 12:54, Howard Chu wrote:
> This is also ITS#3573. Yes, I believe those operational attributes
> need to be marked NO-USER-MODIFICATION but since the draft 7 spec
> doesn't define them this way, I haven't made the change. The same
> problem still remains in the draft 8 spec.

I am currently trying to prepare a patch (will submit an ITS later 
today) to update the overlay code to the draft 8 spec. Here a brief 
overview of the changes that I found:

- "pwdGraceLoginLimit" is now "pwdGraceAuthNLimit"
- "pwdExpirationWarned" does no longer exist
- Result codes for password update operations have been changed from
  "unwillingToPerform" to "insufficientAccessRights"

>
> http://www.watersprings.org/pub/id/draft-behera-ldap-password-policy-
>08.txt
>
> I believe making this change may cause other problems in a
> replication environment, but I don't remember the details. At any
> rate, there are lots of undefined/unspecified behaviors wrt
> replication here.

-- 
regards,
	Ralf Haferkamp
SUSE LINUX Products GmbH, Maxfeldstrasse 5, D-90409 Nuernberg
T: +49-911-74053-0
F: +49-911-74053575 - Ralf.Haferkamp@suse.com

References:
- ppolicy and Access Control to operational Attributes
  - From: Ralf Haferkamp <rhafer@suse.de>
- Re: ppolicy and Access Control to operational Attributes
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Move SLAPI in an overlay...
Next by Date: Slapd seach process
Index(es):
- Chronological
- Thread