Closed GoogleCodeExporter closed 9 years ago
According to this link[1], the nsaccountlock attribute seems more like account
enable/disable. The PWM lock/unlock functionality corresponds to a temporary
status of intruder lockout caused by invalid login attempts. Is there a
corresponding openldap attribute for temporary intruder flag status?
[1] http://docs.oracle.com/cd/E19225-01/820-6551/gijdz/index.html
Original comment by jrivard
on 25 Nov 2012 at 4:49
For OpenLDAP, see
http://www.zytrax.com/books/ldap/ch6/ppolicy.html#operationalattributes.
This will only work if the ppolicy modules loaded, not by default.
- Menno
Original comment by menno.pi...@gmail.com
on 26 Nov 2012 at 7:36
Added support for lock detection via reading the pwdLockout attribute, and
clearing it by deleting the pwdAccountLockedTime attribute. Added in revision
531. Please re-open this issue if you find issues with this implementation, I
do not have a DS-389 server available to test on.
Original comment by jrivard
on 11 Mar 2013 at 6:22
According to these links, 389-DS/RedHat attributes are not the same as OpenLdap
to lock/unlock a user.
http://directory.fedoraproject.org/wiki/Howto:PasswordReset
http://www.centos.org/docs/5/html/CDS/ag/8.0/User_Account_Management-Managing_th
e_Password_Policy.html#Configuring_the_Account_Lockout_Policy_Using_the_Command_
Line-Account_Lockout_Policy_Attributes
Original comment by cedric.d...@gmail.com
on 25 Mar 2013 at 11:26
Original issue reported on code.google.com by
tom.v...@gmail.com
on 6 Nov 2012 at 1:30