[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7089) ppolicy adds PWDFAILURETIME to organizationalUnit

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#7089) ppolicy adds PWDFAILURETIME to organizationalUnit
From: h.b.furuseth@usit.uio.no
Date: Wed, 23 Nov 2011 18:01:30 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

draft-behera-ldap-password-policy:

- Says this should be supported via attribute SubtreeSpecification
  in the pwdPolicy subentry.

  I think OpenLDAP does not support this attribute, it accepts it but
  does not do anything.

- Leaves room to make the requested behavior configurable in cn=config,
  or for that matter make it the default:

  The draft mostly says ppolicy applies to "user entries".  Browsing
  it quicly, I don't see it define what that means, nor consider the
  existence of non-user entries.  A config attribute could define that.

I don't know if anyone will bother to implement this (patches welcome)
but I don't see a formal problem with whether it could/should be done.

-- 
Hallvard

Prev by Date: Re: (ITS#7093) test000-rootdse: line 66: kill: (5333) - No such process
Next by Date: Re: (ITS#7090) back-mdb produces wrong slapcat output
Index(es):
- Chronological
- Thread