[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OL 2.3.7, ppolicy, how to unlock account?

To: Samuel Tran <stran@amnh.org>
Subject: Re: OL 2.3.7, ppolicy, how to unlock account?
From: Howard Chu <hyc@symas.com>
Date: Wed, 14 Sep 2005 16:42:49 -0700
Cc: openldap <openldap-software@OpenLDAP.org>
In-reply-to: <1126725071.13144.13.camel@mistral>
References: <1126725071.13144.13.camel@mistral>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20050909 SeaMonkey/1.1a

Samuel Tran wrote:

Hi all,
I am testing the password policy in OL 2.3.7 on a Debian Linux Sarge
server.
I managed to lock an account after intentionally binding with a wrong password 3 times. Now how can I unlock the account? I looked at the man page for slapo-ppolicy and the draft-behera-ldap-password-policy-xx.txt file. But couldn't find anything.

Between 2.3.6 and 2.3.7 I made a schema change to follow draft-09 of the password policy spec. It appears this was a bad idea, as it prevents you from deleting the pwdAccountLockedTime attribute. (In the development source, you can use the ManageDIT control to accomplish it, but this control wasn't enabled in the Release code.) If you grab the current ppolicy.c from CVS HEAD this problem is fixed, some of the draft-09 schema changes are undone so that you can still manipulate these attributes.

Also with the version in CVS, resetting the password automatically unlocks the account.

--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/

Follow-Ups:
- Re: OL 2.3.7, ppolicy, how to unlock account?
  - From: "Samuel Tran" <stran@amnh.org>

References:
- OL 2.3.7, ppolicy, how to unlock account?
  - From: Samuel Tran <stran@amnh.org>

Prev by Date: OpenLDAP & PHP5
Next by Date: Re: TLS and GSSAPI problems
Index(es):
- Chronological
- Thread