[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OL 2.3.7, ppolicy, how to unlock account?



Samuel Tran wrote:
Hi all,

I am testing the password policy in OL 2.3.7 on a Debian Linux Sarge
server.

I managed to lock an account after intentionally binding with a wrong
password 3 times. Now how can I unlock the account? I looked at the man
page for slapo-ppolicy and the draft-behera-ldap-password-policy-xx.txt
file. But couldn't find anything.
Between 2.3.6 and 2.3.7 I made a schema change to follow draft-09 of the password policy spec. It appears this was a bad idea, as it prevents you from deleting the pwdAccountLockedTime attribute. (In the development source, you can use the ManageDIT control to accomplish it, but this control wasn't enabled in the Release code.) If you grab the current ppolicy.c from CVS HEAD this problem is fixed, some of the draft-09 schema changes are undone so that you can still manipulate these attributes.

Also with the version in CVS, resetting the password automatically unlocks the account.

--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/