[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7089) ppolicy adds PWDFAILURETIME to organizationalUnit

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#7089) ppolicy adds PWDFAILURETIME to organizationalUnit
From: michael@stroeder.com
Date: Mon, 21 Nov 2011 15:03:42 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

NoÃ«l KÃ¶the wrote:
>> noel debian.org wrote:
>>> IMHO it is a bug that the ppolicy adds the PWDFAILURETIME attribute
>>> to DN's which don't have a userPassword attribute and cannot get
>>> one.
> 
>> Hmm, this is somewhat debatable. I'm not sure. But I also don't see any
>> harm in the current behaviour. It's surely the client configuration
>> which needs to
> 
> :(
> 
>> be fixed.
> 
> In my case the behaviour is pollution my data with unneeded and unwanted 
> data in ous which I want to prevent. I don't have control over the 
> clients so sadly I cannot fix the source of the problem (the requests). 
> The PWDFAILURETIME (and PWDACCOUNTLOCKEDTIME) is only useful when there 
> is a userPassword: attribute ( when using pwdAttribute: userPassword). Is
> there any chance that the behaviour is accepted as a problem?

Maybe you got me wrong: I don't have a really strong opinion on that (nor am
I the one who decides on this).

The question is: What should the pwdFailureTime exactly mean?

I understand what's your personal opinion on that and I somewhat support it.
But there might be corner-cases where the current behaviour makes sense.

Ciao, Michael.

Prev by Date: (ITS#7093) test000-rootdse: line 66: kill: (5333) - No such process
Next by Date: ITS#7059 UTF8StringNormalize issue
Index(es):
- Chronological
- Thread