Andrew Findlay schrieb: > On Mon, Feb 14, 2011 at 02:23:30PM -0800, Howard Chu wrote: > > Jan Kohnert wrote: > > >So there comes the next question: Is there a way to lock out specific > > >users permanently (other than creating a cronjob setting the lockout > > >time new after 900s) or do I need to set pwdLockoutDuration to inf and > > >so are forced to manually reset users whose accounts were tried to be > > >cracked? > > > > Read the slapo-ppolicy manpage again. This is explicitly documented. > > I assume that you are talking about setting pwdAccountLockedTime to > 000001010000Z which is what I have generally done in these situations. This is exactly what I was looking for. Did I overread why this special date is supposed to be date "0"? From a simple point of view I would have expected it to be all zeros. Date gives: jankoh@kohni ~ $ date -d 0 "+%Y%m%d%H%M%SZ" 20110216000000Z jankoh@kohni ~ $ which was today 0 o'clock. Thanks again and best regards. -- MfG Jan
Attachment:
signature.asc
Description: This is a digitally signed message part.