Le 6/28/13 3:24 PM, Slavomir Kocka a écrit : > Thanks for response... > > Yes, I read it, it was mentioned there above... > > However, it didn't work for me well. > Originally I had: > > ads-pwdLockout: TRUE > ads-pwdLockoutDuration: 0 > > Which is default. When some users locked-out themselves, I stopped servers, > set ads-pwdLockoutDuration = 5, and started servers (just to avoid brute > force login attempts) > However accounts, which were locked during TRUE/0 configuration, didn't > unlock...
0 in this context means infinite. The thing is that once the users who were locked with 0 (ie infinite) will remain locked forever, no matter what (unless the admin unlock them) > > Does duration apply only to newly locked accounts, or is it some bug? I don't think there is a bug. Although I think that having 0 as a default value is not necessarily the smartests idea we have had... Kiran, do you have something more to add ? -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com