Samuel Tran wrote:
Hi all,
I am testing the password policy in OL 2.3.7 on a Debian Linux Sarge
server.
I managed to lock an account after intentionally binding with a wrong
password 3 times. Now how can I unlock the account? I looked at the man
page for slapo-ppolicy and the draft-behera-ldap-password-policy-xx.txt
file. But couldn't find anything.
Between 2.3.6 and 2.3.7 I made a schema change to follow draft-09 of the
password policy spec. It appears this was a bad idea, as it prevents you
from deleting the pwdAccountLockedTime attribute. (In the development
source, you can use the ManageDIT control to accomplish it, but this
control wasn't enabled in the Release code.) If you grab the current
ppolicy.c from CVS HEAD this problem is fixed, some of the draft-09
schema changes are undone so that you can still manipulate these attributes.
Also with the version in CVS, resetting the password automatically
unlocks the account.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/