[Date Prev][Date Next] [Chronological] [Thread] [Top]

PPolicy overlay and hidden user attributes.

To: openldap-software@OpenLDAP.org
Subject: PPolicy overlay and hidden user attributes.
From: dennis@demarco.com
Date: Thu, 28 Apr 2005 11:03:13 -0400 (EDT)

I'm playing with the password policy overlay and it seems to be working, but I can't see any of the user attributes that the policy sets on an user object in my ldapbrowser:

pwdChangedTime, pwdAccountLockedTime, pwdExpirationWarned,
pwdFailureTime, pwdHistory, pwdGraceUseTime, pwdReset,
pwdPolicySubEntry

I've turned off for testing all my access controls (left it to the default: if no access controls are present, the default policy allows anyone and everyone to read anything) and I'm bound as the administrator defined in my slapd.conf.

I'm using the test schema for password policies as a baseline. I can upload the ppolicy.ldiff into my server and I know all the schema is active as it doesn't give any errors (pwdPolicySubEntry on the test object loads fine)

Are these "internal" attributes? Is this normal behavior? Can I see these attributes in my browser and edit them if needed? The issue that I face if I implement these password policies is how can I tell by using ldapbrowser an account has been locked out?

Just a bit confused on how to get to these objects,

Thanks,
Dennis

Follow-Ups:
- Re: PPolicy overlay and hidden user attributes.
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: (64) naming attribute 'dc' is not present in entry
Next by Date: slapadd: could not parse entry (line=14112)
Index(es):
- Chronological
- Thread