On Fri, Feb 20, 2009 at 9:21 AM, Stefan Zoerner <[email protected]> wrote:

> Emmanuel Lecharny wrote:
>
>> Just in addition to Emmanuel (who is right), Mike perhaps compares it to
>>> vendor specific features, some LDAP servers provide (Active Directory,
>>> IBM
>>> Tivoli, etc.).
>>>
>>
>> I would like to know about those features, because I think it might be
>> valuable - and really easy - to add them into ADS, if needed. It's
>> just a matter of adding an operational attribute into a specific
>> ObjectClass and set it when we want to disable a user, for instance
>> (just an idea which might be dug into a bit more)
>>
>
> We can think about implementing parts of this
>
> http://tools.ietf.org/draft/draft-behera-ldap-password-policy/
>
> It is interesting in general, and contains a chapter about locking accounts
> as well.
>
> Unfortunately, the draft has never become an RFC, and is expired now, as
> far as I know.
>
> Something for the "After 2.0" time, perhaps.
>

Yes I agree we need this in LDAP to be standardized and implemented for
ADS.  We could still implement the draft with careful consideration for
drawbacks in the draft but again this would have to be after 2.0.

Alex
