Andreas Hasenack a écrit :
Em Qua, 2007-09-26 às 17:12 +0200, Guillaume Rousse escreveu:
So, I set up a very minimal default password policy object, as it seems to be quite mandatory: dn: cn=default,ou=policies,dc=futurs,dc=inria,dc=fr cn: default objectClass: pwdPolicy objectClass: organizationalRole pwdAttribute: userPassword pwdMaxAge: 0 pwdInHistory: 0 pwdCheckQuality: 0
Then I tried to add a pwdAccountLockedTime attribute to a user: dn: uid=rousse,ou=saclay,ou=futurs,ou=users,dc=futurs,dc=inria,dc=fr changetype: modify add: pwdAccountLockedTime pwdAccountLockedTime: 0
Error: pwdAccountLockedTime: value #0 invalid per syntax
The syntax is wrong. Try this value: pwdAccountLockedTime: 000001010000Z
From the slapo-ppolicy manpage:
"If pwdAccountLockedTime is set to 000001010000Z, the user's account has been permanently locked and may only be unlocked by an administrator."
Arghhhhh... The man pages from 2.3.27, and the one I found on google (http://linux.die.net/man/5/slapo-ppolicy) were wrong :( Current version is OK, tough.
Anyway, thanks a lot :)