Andreas Hasenack a écrit : > Em Qua, 2007-09-26 às 17:12 +0200, Guillaume Rousse escreveu: >> So, I set up a very minimal default password policy object, as it seems >> to be quite mandatory: >> dn: cn=default,ou=policies,dc=futurs,dc=inria,dc=fr >> cn: default >> objectClass: pwdPolicy >> objectClass: organizationalRole >> pwdAttribute: userPassword >> pwdMaxAge: 0 >> pwdInHistory: 0 >> pwdCheckQuality: 0 >> >> Then I tried to add a pwdAccountLockedTime attribute to a user: >> dn: uid=rousse,ou=saclay,ou=futurs,ou=users,dc=futurs,dc=inria,dc=fr >> changetype: modify >> add: pwdAccountLockedTime >> pwdAccountLockedTime: 0 >> >> Error: pwdAccountLockedTime: value #0 invalid per syntax > > The syntax is wrong. Try this value: > pwdAccountLockedTime: 000001010000Z > >>From the slapo-ppolicy manpage: > "If pwdAccountLockedTime is set to 000001010000Z, the user's account has > been permanently locked and may only be unlocked by an administrator." Arghhhhh... The man pages from 2.3.27, and the one I found on google (http://linux.die.net/man/5/slapo-ppolicy) were wrong :( Current version is OK, tough.
Anyway, thanks a lot :) -- Guillaume Rousse Moyens Informatiques - INRIA Futurs Tel: 01 69 35 69 62
