Shawn McKinney wrote:
--- Howard Chu [EMAIL PROTECTED] wrote:
The current revision in CVS HEAD makes the
pwdAccountLockedTime user
modifiable again (undoing the draft-9 change for
now) and also deletes
the attribute automatically when the password is
changed.
I've verified that
--- Howard Chu [EMAIL PROTECTED] wrote:
The current revision in CVS HEAD makes the
pwdAccountLockedTime user
modifiable again (undoing the draft-9 change for
now) and also deletes
the attribute automatically when the password is
changed.
I've verified that version 1.62 behaves in the
Shawn McKinney wrote:
Thanks. I would like to make one correction to my
earlier post that stated:
My question is, for situations when the user
account is locked, how do we reset the user account
programatically? I have found leaving the
pwdReset flag alone will not unlock the user's
To reset a user's LDAP account that has been locked
due maxFailure bind failures, my client program
performs the following steps:
On the user entry that is locked:
set userPassword = to a new password value
set pwdReset = TRUE
delete pwdLockedTime operational attribute
Testing w/ version
In revision 1.58 I updated the operational attribute schema to match
draft 9 of the password policy specification; it makes a number of
attributes non-user-modifiable, including pwdAccountLockedTime. We may
have to back out a couple more of these changes if there is no internal
mechanism to