[email protected] wrote:
> Full_Name: Guillaume Rousse
> Version: 2.4.16
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (195.83.212.136)
>
>
> Current ppolicy implementation allows to administratively lock a password, by
> setting pwdAccountLockedTime attribute to '000001010000Z' value. However,
> despite this value actually being a generalized date, setting it to any other
> date in the future doesn't work as expected. Moreover, this is an operational
> attribute, which is primarily supposed to be handled by slapd itself.
>
> As a consequence, a normal pwdExpirationDate attribute, which itself would set
> a boolean operational attribute pwdExpired attribute to a true value, would be
> desirable.

Since the ppolicy module's behavior is dictated by the Behera draft, any
suggestions for changes in this area should probably first be raised on the
ietf-ldapext mailing list.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
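
The lock check discussed in this thread, as an added example that is not part of either message and is not slapd's code: a simplified reading of the Behera draft's rule, in which pwdAccountLockedTime records when a lock began, not when one should start. The function names, the reason strings and the sample dates are constructed for illustration, and only UTC values without fractions are parsed.

```python
from datetime import datetime, timedelta, timezone

PERMANENT_LOCK = "000001010000Z"  # sentinel value quoted in the report above


def parse_generalized_time(value):
    """Parse the YYYYmmddHHMM[SS]Z subset of LDAP Generalized Time (assumption: UTC only)."""
    if not value.endswith("Z"):
        raise ValueError("only UTC ('Z') values are handled in this sketch")
    body = value[:-1]
    fmt = {12: "%Y%m%d%H%M", 14: "%Y%m%d%H%M%S"}.get(len(body))
    if fmt is None:
        raise ValueError(f"unsupported Generalized Time: {value!r}")
    return datetime.strptime(body, fmt).replace(tzinfo=timezone.utc)


def is_locked(locked_time, lockout_duration, now):
    """Return (locked, reason) for one entry.

    locked_time      -- pwdAccountLockedTime value, or None if absent
    lockout_duration -- pwdLockoutDuration in seconds (0 = until an admin resets)
    now              -- timezone-aware datetime used as the current time
    """
    if locked_time is None:
        return False, "no pwdAccountLockedTime"
    if locked_time == PERMANENT_LOCK:
        # Checked before parsing: year 0000 is not a real timestamp.
        return True, "administrative lock"
    if lockout_duration == 0:
        return True, "locked until reset"
    since = parse_generalized_time(locked_time)
    if now < since + timedelta(seconds=lockout_duration):
        return True, "lockout window open"
    return False, "lockout window elapsed"


if __name__ == "__main__":
    now = datetime(2009, 4, 1, 12, 0, tzinfo=timezone.utc)  # constructed date
    samples = [
        (PERMANENT_LOCK, 300),      # sentinel: locked regardless of duration
        ("203001010000Z", 300),     # future date: locked now, not "expires in 2030"
        ("200904011158Z", 300),     # locked 2 minutes ago, 5 minute window
        ("200904011100Z", 300),     # window already over
        (None, 300),                # attribute absent
    ]
    for value, duration in samples:
        print(value, duration, is_locked(value, duration, now))
```

Under this reading a future timestamp makes the comparison true immediately, so the entry is locked at once rather than on that date, which is why the attribute cannot stand in for a scheduled expiration date.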
