<quote who="hyc@symas.com">
ahasenack@terra.com.br wrote:
On Mon, May 21, 2007 at 09:25:23PM +0000, ghenry@OpenLDAP.org wrote:
draft-behera-ldap-password-policy-xx.txt and ppolicy.schema list:
"A 000001010000Z value means that the account has been locked permanently, and that only a password administrator can unlock the account."
But pwdAccountLockedTime doesn't use integerMatch, so an example of the above syntax is needed with anything that has a generalizedTimeMatch. I think pwdAccountLockedTime is the only one?
The slapo-ppolicy(5) manpage is actually misleading. It implies that the value is a plain zero, which doesn't work: "If pwdAccountLockedTime is set to zero (0), the user's account (...)"
That text in the manpage came from an earlier revision of the ppolicy draft; it just wasn't updated when the meaning was clarified in a later draft version. Looks like Gavin has fixed it in HEAD now.
Yes, sorry. I thought silence meant it was ok to go ahead.
This is my first ever commit, so I'll be a bit more patient next time ;-)
Thanks.
-- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/