Andrew Findlay schrieb:
On Mon, Feb 14, 2011 at 02:23:30PM -0800, Howard Chu wrote:
Jan Kohnert wrote:
So there comes the next question: Is there a way to lock out specific users permanently (other than creating a cronjob setting the lockout time new after 900s) or do I need to set pwdLockoutDuration to inf and so are forced to manually reset users whose accounts were tried to be cracked?
Read the slapo-ppolicy manpage again. This is explicitly documented.
I assume that you are talking about setting pwdAccountLockedTime to 000001010000Z which is what I have generally done in these situations.
This is exactly what I was looking for. Did I overread why this special date is supposed to be date "0"? From a simple point of view I would have expected it to be all zeros. Date gives: jankoh@kohni ~ $ date -d 0 "+%Y%m%d%H%M%SZ" 20110216000000Z jankoh@kohni ~ $ which was today 0 o'clock.
Thanks again and best regards.