[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#8285) RFE slapo-ppolicy: fall back to createTimestamp
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8285) RFE slapo-ppolicy: fall back to createTimestamp
- From: hyc@symas.com
- Date: Wed, 21 Oct 2015 17:40:29 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
michael@stroeder.com wrote:
> Full_Name: Michael Str.der
> Version:
> OS:
> URL:
> Submission from: (NULL) (213.240.180.113)
>
>
> If pwdMaxAge is set in a pwdPolicy entry but the user's entry does not contain
> pwdChangedTime attribute createTimestamp should be used instead to determine
> whether password is expired or not.
>
> The case above can happen if there are already existing entries with
> userPassword and slapo-ppolicy gets installed and activated later.
>
No. The spec says for pwdChangedTime "If this attribute does not exist, the
password will never expire."
Closing this ITS.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/