Antw: Re: ppolicy overlay unable to set pwdAccountLockedTime on to-be-locked users due to ACLs
- To: <matthieu.cerda@nbs-system.com>,<openldap-technical@openldap.org>, <quanah@symas.com>
- Subject: Antw: Re: ppolicy overlay unable to set pwdAccountLockedTime on to-be-locked users due to ACLs
- From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
- Date: Tue, 03 Jan 2017 08:05:16 +0100
- In-reply-to: <F365AC223D2A1E22A5345243@[192.168.1.30]>
>>> Quanah Gibson-Mount <quanah@symas.com> wrote on 03.01.2017 at 00:11 in
message <F365AC223D2A1E22A5345243@[192.168.1.30]>:
> --On Monday, January 02, 2017 2:40 PM +0100 Matthieu Cerda
> <matthieu.cerda@nbs-system.com> wrote:
>
>> Thank you very much Quanah !
>>
>> Do you think adding a note about mandatory rootdn setting in
>> slapo-ppolicy manpage would be a worthy contribution ? (I'll gladly
>> submit a patch)
>
> Hi Matthieu,
>
> It's already currently noted in the 3rd paragraph of the man page:
>
> Note that some of the policies do not take effect when the operation is
> performed with the rootdn identity; all the operations, when performed
> with any other identity, may be subjected to constraints, like access
> control.
>
>
> Note the bit about "all the operations, ..."
>
> If you think of a way to reword it that you feel is a better explanation,
> that could certainly be considered. :)
I think a notice who is the modifier on ppolicy changes would be worth it; specifically if it's related to RootDN ;-)
I think I had already asked earlier about some notice on ACLs that ppolicy may or may not need to work.
Regards,
Ulrich
>
> Regards,
> Quanah
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>