Full_Name: Andrew Findlay
OS: OpenSuSE 11.3
Submission from: (NULL) (184.108.40.206)
slapo-ppolicy.5 incorrectly includes the NO-USER-MODIFICATION flag in the schema
fragments for pwdPolicySubentry and pwdAccountLockedTime.
That's how they were defined in the IETF Draft. The schema fragments in the
manpage were copied directly from the spec. The fact that the current
implementation deviates from the spec is just out of necessity to make things
work at all in our present code base. Things will not always work this way...
In addition, the description of pwdAccountLockedTime does not make it
this attribute can be changed by administrative action.
The attached patch is a suggested clarification for the manpage.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/