Le 3/20/13 6:32 PM, Heu, Tou-Soua a écrit : > I have a similar problem but instead of the system/admin account it's for an > ordinary LDAP account: > > 1) what is the process to unlock an account which has been locked due to > excessive login failure? > > Resetting the password doesn't clear the locked state. > > Looking at other LDAP products, like the IBM Tivoli Directory Server, I'm > guessing that one would need to delete both "pwdFailureTime" and > "pwdAccountLockedTime" attributes but for whatever reasons we can't delete > the later, even with the system account (this situation occurred on the 2.0 > M6 build, not sure if this was fixed in recent versions like M11). > > In reviewing the 2.0 documentation, I couldn't find answers to these other > general usage: > > 2) what is the process for unlocking an account for other scenario, if > applicable, like an expired account? > 3) how do you overwrite the password policy for a given account or container? > In another word, either: > 3.a) flag it to not be bound by any password policy, or > 3.b) set it to use a different password policy than its parent > > Thanks. > > Addendum: is this related to issue logged under DIRSERVER-1813?
yes, most certainly. This is a critical issue that needs to be fixed. Teh only possible workaround atm is to delete the user and to recreate it. -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
