[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy overlay unable to set pwdAccountLockedTime on to-be-locked users due to ACLs

To: Matthieu Cerda <matthieu.cerda@nbs-system.com>, openldap-technical@openldap.org
Subject: Re: ppolicy overlay unable to set pwdAccountLockedTime on to-be-locked users due to ACLs
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Mon, 02 Jan 2017 15:11:51 -0800
Content-disposition: inline
In-reply-to: <WM!35b560fcd1d8be4346c04bf48238f0fce0ad9d974761b08b552280679698a5f7db8980881a4946de48349f459dcf8eba!@mailstronghold-3.zmailcloud.com>
References: <5e90d04befa90e72a414a447ab2995db@ironflake.org> <WM!a627752d55829ff9e4035bf19272d3bad5fdf8397e9dafdbe6c18995baabf9de8d608c8b7e4a902ec66d357d475a3668!@mailstronghold-1.zmailcloud.com> <e198790c-7e28-354b-c67e-41d8e12aa779@symas.com> <f398468253cd8f45c28da3675ae142bb@ironflake.org> <WM!04af1d4a7155fa6422bc55f78d22b62e3c6f9aa417b5cd4b9278ad7c6bfef6e8454270f36f475867309eb7aa4478c281!@mailstronghold-3.zmailcloud.com> <4E97C145472415D13FD2BDFF@[192.168.1.30]> <94c4d9a0-641f-dcab-4dd8-f5c27d7f730b@nbs-system.com> <WM!35b560fcd1d8be4346c04bf48238f0fce0ad9d974761b08b552280679698a5f7db8980881a4946de48349f459dcf8eba!@mailstronghold-3.zmailcloud.com>

--On Monday, January 02, 2017 2:40 PM +0100 Matthieu Cerda<matthieu.cerda@nbs-system.com> wrote:

Thank you very much Quanah !

Do you think adding a note about mandatory rootdn setting in
slapo-ppolicy manpage would be a worthy contribution ? (I'll gladly
submit a patch)


Hi Matthieu,

It's already currently noted in the 3rd paragraph of the man page:

Note that some of the policies do not take effect when the operationisperformed with the rootdn identity; all the operations, whenperformedwith any other identity, may be subjected to constraints, likeaccess

      control.


Note the bit about "all the operations, ..."

If you think of a way to reword it that you feel is a better explanation,that could certainly be considered. :)


Regards,
Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

Follow-Ups:
- Antw: Re: ppolicy overlay unable to set pwdAccountLockedTime on to-be-locked users due to ACLs
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>

References:
- Re: ppolicy overlay unable to set pwdAccountLockedTime on to-be-locked users due to ACLs
  - From: Matthieu Cerda <matthieu.cerda@nbs-system.com>

Prev by Date: Re: Fwd: Help pls : KDC w/LDAP backend
Next by Date: Re: Fwd: Help pls : KDC w/LDAP backend
Index(es):
- Chronological
- Thread