[Date Prev][Date Next] [Chronological] [Thread] [Top]

PPolicy overlay and hidden user attributes.




I'm playing with the password policy overlay and it seems to be working, but I can't see any of the user attributes that the policy sets on an user object in my ldapbrowser:


pwdChangedTime, pwdAccountLockedTime, pwdExpirationWarned,
pwdFailureTime, pwdHistory, pwdGraceUseTime, pwdReset,
pwdPolicySubEntry

I've turned off for testing all my access controls (left it to the default: if no access controls are present, the default policy allows anyone and everyone to read anything) and I'm bound as the administrator defined in my slapd.conf.

I'm using the test schema for password policies as a baseline. I can upload the ppolicy.ldiff into my server and I know all the schema is active as it doesn't give any errors (pwdPolicySubEntry on the test object loads fine)

Are these "internal" attributes? Is this normal behavior? Can I see these attributes in my browser and edit them if needed? The issue that I face if I implement these password policies is how can I tell by using ldapbrowser an account has been locked out?

Just a bit confused on how to get to these objects,

Thanks,
Dennis