[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8285) RFE slapo-ppolicy: fall back to createTimestamp



michael@stroeder.com wrote:
> Full_Name: Michael Str.der
> Version:
> OS:
> URL:
> Submission from: (NULL) (213.240.180.113)
>
>
> If pwdMaxAge is set in a pwdPolicy entry but the user's entry does not contain
> pwdChangedTime attribute createTimestamp should be used instead to determine
> whether password is expired or not.
>
> The case above can happen if there are already existing entries with
> userPassword and slapo-ppolicy gets installed and activated later.
>

No. The spec says for pwdChangedTime "If this attribute does not exist, the 
password will never expire."

Closing this ITS.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/