[Date Prev][Date Next] [Chronological] [Thread] [Top]

Question pertaining to PPolicy overlay feature

To: openldap-software@OpenLDAP.org
Subject: Question pertaining to PPolicy overlay feature
From: Shawn McKinney <smmtech2@sbcglobal.net>
Date: Thu, 1 Sep 2005 11:31:41 -0700 (PDT)

To reset a user's LDAP account that has been locked
due  maxFailure bind failures, my client program
performs the following steps:   

On the user entry that is locked:
set userPassword = to a new password value
set pwdReset = TRUE
delete pwdLockedTime operational attribute

Testing w/ version 1.56 ppolicy module the above steps
work flawlessly. The user must change password on
subsequent bind per PW policy setting.

But when I upgrade to latest version of ppolicy
module, 1.60, I get constraint violation when I
attempt removal of user's pwdLockedTime attribute.

My question is, for situations when the user account
is locked, how do we reset the user account
programatically?  I have found leaving the pwdReset
flag alone will not unlock the user's account.

Thanks,

Shawn

Follow-Ups:
- Re: Question pertaining to PPolicy overlay feature
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: Access control attributes list
Next by Date: Re: Fault-tolerance for master OpenLDAP server
Index(es):
- Chronological
- Thread