29 Jun
2008
29 Jun
'08
11:43 a.m.
Andrew Findlay wrote:
Indeed, though draft-behera-ldap-password-policy-xx.txt is a bit unclear on the subject of that attribute:
5.3.3 pwdAccountLockedTime
The current implementation does allow admins to set the value, which appears to be the only way to lock/unlock an account without changing the password.
The current implementation allows pretty much anybody to set the attribute. It's intended that it can only be set when using the Relax Constraints control.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/