Re: toubles using ppolicy to lock account

[Guillaume Rousse <Guillaume.Rousse@inria.fr>]

Andreas Hasenack a Ãcrit :
> Em Qua, 2007-09-26 Ãs 17:12 +0200, Guillaume Rousse escreveu:
>> So, I set up a very minimal default password policy object, as it seems
>> to be quite mandatory:
>> dn: cn=default,ou=policies,dc=futurs,dc=inria,dc=fr
>> cn: default
>> objectClass: pwdPolicy
>> objectClass: organizationalRole
>> pwdAttribute: userPassword
>> pwdMaxAge: 0
>> pwdInHistory: 0
>> pwdCheckQuality: 0
>>
>> Then I tried to add a pwdAccountLockedTime attribute to a user:
>> dn: uid=rousse,ou=saclay,ou=futurs,ou=users,dc=futurs,dc=inria,dc=fr
>> changetype: modify
>> add: pwdAccountLockedTime
>> pwdAccountLockedTime: 0
>>
>> Error: pwdAccountLockedTime: value #0 invalid per syntax
> 
> The syntax is wrong. Try this value:
> pwdAccountLockedTime: 000001010000Z
> 
>>From the slapo-ppolicy manpage:
> "If pwdAccountLockedTime is set to 000001010000Z, the user's account has
> been permanently locked and may only be unlocked by an administrator."
Arghhhhh... The man pages from 2.3.27, and the one I found on google
(http://linux.die.net/man/5/slapo-ppolicy) were wrong :( Current version
is OK, tough.

Anyway, thanks a lot :)
-- 
Guillaume Rousse
Moyens Informatiques - INRIA Futurs
Tel: 01 69 35 69 62