Ahh, I see. Yes, that is different. Perhaps it's just confusing wording on the part of Zytrax then...?
Anyways, thanks for the clarification. -- Isaac Freeman - Systems Administrator IBM Information Protection Services [email protected] 919-254-0245 From: Roland Gruber <[email protected]> To: [email protected] Date: 09/29/2011 02:28 PM Subject: Re: [Lam-public] OpenLDAP ppolicy attributes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Isaac, Am 27.09.2011 21:31, schrieb Isaac Freeman: >>From the Zytrex page: "Add the operational attribute pwdReset with a value > of either TRUE or FALSE. FALSE is only effective if the password has not > expired and has the same effect as deleting pwdAccountLockedTime. " > > So I don't think LAM uses the pwdReset attribute correctly as it was > intended. It should probably be more like: have a button to reset the > account, and 2 radio buttons to represent the TRUE and FALSE settings (with > probably more descriptive labels). the strange thing is that the official OpenLDAP documentation does not include this override possibility. http://www.openldap.org/software/man.cgi?query=slapo-ppolicy&apropos=0&sektion=0&manpath=OpenLDAP +2.4-Release&format=html pwdReset This attribute indicates whether the user's password has been reset by the administrator and thus must be changed upon first use of this DN for authentication to the directory. If pwdReset is set to "TRUE", then the password was reset and the user must change it upon first authentication. If the attribute does not exist, or is set to "FALSE", the user need not change their password due to administrative reset. There is no difference between FALSE and non-existent. So I am not sure if this is an official feature of OpenLDAP and why Zytrax includes this? - -- Best regards Roland Gruber LDAP Account Manager http://www.ldap-account-manager.org/ Want more? Get LDAP Account Manager Pro! http://www.ldap-account-manager.org/lamcms/lamPro -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6EuAIACgkQq/ywNCsrGZ6+XwCfY4T4536QhlVEV1dEWFJobP8X xokAnRDE5g8Cmp4wClf+a6zb6UKFqplA =U9F9 -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 _______________________________________________ Lam-public mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/lam-public
<<inline: graycol.gif>>
------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________ Lam-public mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/lam-public
