On Tue, May 06, 2025 at 07:36:24AM +0000, Windl, Ulrich wrote: > The issue I see with ldappasswd and shadow password attributes being > used (in 2.4) is that after a password change the shadow attributes > aren't updated (causing inconsistencies between password policy and > shadow attributes regarding the time of password expiration). But most > likely it does not affect you...
Hi Ulrich, assuming you mean rfc2307(bis) attributes here: With ppolicy in effect, you shouldn't need to manage the shadow attributes since all the ppolicy tracking can and should be done either in the server or by entities who understand how to process and enforce them. This is why slapo-ppolicy doesn't deal with them in the first place. Regards, -- Ondřej Kuzník Senior Software Engineer Symas Corporation http://www.symas.com Packaged, certified, and supported LDAP solutions powered by OpenLDAP
