Le 3/22/13 2:25 PM, Kiran Ayyagari a écrit : > Hi guys, > > We have an issue in the server where the admin (uid=admin,ou=system) > account can get locked > permanently based on the ppolicy configuration to lock accounts [1]. > > IMO we should allow all user and admin accounts to get locked > permanently (again, based on the ppolicy config) > except the system's built-in admin account (uid=admin,ou=system). This > is just to prevent any abuse involving a > regular admin account.
Let me sum up : - any user can be locked permanently - admin users may also be locked permanently - the super-admin cannot be locked permanently correct ? (If so, my +1) That raises another question here (see [2]) : - assuming that [2] is solved, the super admin can unlock all the users *and* all the admins ? - a 'normal' admin can only lock users, not admins ? PS : admins are the account present in the administrators branch atm. Won't it make sense to get rid of such a distinction, and to uses ACI instead ? > [1] https://issues.apache.org/jira/browse/DIRSERVER-1812 [2] https://issues.apache.org/jira/browse/DIRSERVER-1813 > -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
