Thanks, I didn't know those controls correpsonded to those values. That's kind of what I'm looking for. But, perhaps I misunderstand how pwdReset works. The way I see it is it's a value which is generally not existent on the user object, and when you set it it resets whether or not the account is locked out. And when you set it, you can set it either as TRUE or FALSE, TRUE meaning the user will be asked to change their password, and FALSE they won't. So it's not really a toggle value, but more of a function which accepts a toggle argument. The more general option which determines if a user must change their password if it's reset is the pwdMustChange attribute on the pwdPolicy object, and setting the pwdReset to TRUE overrides pwdMustChange.
>From the Zytrex page: "Add the operational attribute pwdReset with a value of either TRUE or FALSE. FALSE is only effective if the password has not expired and has the same effect as deleting pwdAccountLockedTime. " So I don't think LAM uses the pwdReset attribute correctly as it was intended. It should probably be more like: have a button to reset the account, and 2 radio buttons to represent the TRUE and FALSE settings (with probably more descriptive labels). Also, it would be nice if there was a way to view the read-only attributes in the ppolicy tab under the user account -- Isaac Freeman - Systems Administrator IBM Information Protection Services [email protected] 919-254-0245 From: Roland Gruber <[email protected]> To: [email protected] Date: 09/24/2011 05:51 PM Subject: Re: [Lam-public] OpenLDAP ppolicy attributes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Isaac, pwdAccountLockedTime can be set with the button "(Un)Lock account". The attribute pwdReset is controlled via the checkbox "Password change required". The other attributes are marked as read-only in the documentation. Does this help you? Best regards Roland Am 23.09.2011 16:03, schrieb Isaac Freeman: > > Thanks, Roland. However, I have seen this page and have this module > enabled, but this does not give me access to the operational attributes > OpenLDAP uses such as pwdReset and pwdFailureCount, etc. Please see the > link in my original mail below for a list of these attributes. > > -- > Isaac Freeman - Systems Administrator > IBM Information Protection Services > [email protected] > 919-254-0245 > > > > From: Roland Gruber <[email protected]> > To: [email protected] > Date: 09/23/2011 05:10 AM > Subject: Re: [Lam-public] OpenLDAP ppolicy attributes. > > > > Hi Isaac, > > yes, there is a user module for ppolicy in LAM Pro. Just enable it in your > LAM server profile (tab "Modules"). > > See also here: > > http://www.ldap-account-manager.org/static/doc/manual/ch03.html#idp5610512 > > > Best regards > > Roland > > > > On 20.09.2011 16:24, Isaac Freeman wrote: >> >> >> In OpenLDAP using the ppolicy overlay, there are certain hidden(?) (or >> maybe implied?) attributes attached to any account with a ppolicy > extension >> which are not returned by a simple LDAP search, such as >> pwdAccountLockedTime and pwdChangedTime. Is there a simple way to >> manipulate these attributes with LAM (Pro)? They don't show up in the > user >> account screen's ppolicy tab, or in the tree view. Currently, the only > way >> I have to modify these (including the pwdReset attribute used to unlock > an >> account) is to import an LDIF modifying the account directly. >> >> http://www.zytrax.com/books/ldap/ch6/ppolicy.html#operationalattributes >> >> -- >> Isaac Freeman - Systems Administrator >> IBM Information Protection Services >> [email protected] >> 919-254-0245 >> >> >> >> > ------------------------------------------------------------------------------ > >> All the data continuously generated in your IT infrastructure contains a >> definitive record of customers, application performance, security >> threats, fraudulent activity and more. Splunk takes this data and makes >> sense of it. Business sense. IT sense. Common sense. >> http://p.sf.net/sfu/splunk-d2dcopy1 >> >> >> >> _______________________________________________ >> Lam-public mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/lam-public > > > -- > > Best regards > > Roland Gruber > > ------------------------------------------------------------------------------ > > All of the data generated in your IT infrastructure is seriously valuable. > Why? It contains a definitive record of application performance, security > threats, fraudulent activity, and more. Splunk takes this data and makes > sense of it. IT sense. And common sense. > http://p.sf.net/sfu/splunk-d2dcopy2 > _______________________________________________ > Lam-public mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/lam-public > > > > > > ------------------------------------------------------------------------------ > All of the data generated in your IT infrastructure is seriously valuable. > Why? It contains a definitive record of application performance, security > threats, fraudulent activity, and more. Splunk takes this data and makes > sense of it. IT sense. And common sense. > http://p.sf.net/sfu/splunk-d2dcopy2 > > > > _______________________________________________ > Lam-public mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/lam-public - -- Mit freundlichen Grüßen Roland Gruber -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk5+UIUACgkQq/ywNCsrGZ65BACcDmSDpGQFBdedpdRT+teqDLZw 5rkAn21AXRzxiAte/G7jIj+q77GByGXH =D9zB -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2 _______________________________________________ Lam-public mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/lam-public
<<inline: graycol.gif>>
------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________ Lam-public mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/lam-public
