Emmanuel Lecharny wrote:
Just in addition to Emmanuel (who is right), Mike perhaps compares it to
vendor specific features, some LDAP servers provide (Active Directory, IBM
Tivoli, etc.).
I would like to know about those features, because I think it might be
valuable - and really easy - to add them into ADS, if needed. It's
just a matter of adding an operational attribute into a specific
ObjectClass and set it when we want to disable a user, for instance
(just an idea whihc migh be dig a bit more)
We can think about implementing parts of this
http://tools.ietf.org/draft/draft-behera-ldap-password-policy/
It is interesting in general, and contains a chapter about locking
accounts as well.
Unfortunately, the draft has never become an RFC, and is expired now, as
far as I know.
Something for the "After 2.0" time, perhaps.
Greetings from Hamburg,
Stefan
