Clément OUDOT wrote:
2014-03-01 20:07 GMT+01:00 Michael Ströder michael@stroeder.com:
Clément OUDOT wrote:
An entry that is not associated to a password policy (and no default ppolicy configured) should not own any ppolicy operational attribute.
Why?
'pwdFailureTime' is declared as
NO-USER-MODIFICATION USAGE directoryOperation
and is not referenced in any object class at all.
But it is an operational attribute of password policy, and it is loaded with ppolicy overla.
So what?
Can you please point me to any text saying that 'pwdFailureTime' MUST NOT be used if password lockout is not used and especially why?
In the context of this discussion you can only argue that it should or should not be replicated. But ITS#7788 is not a bug. It's just a certain implementation.
It is your point of view, not mine. An OpenLDAP developer should give its own.
Yes, it's my personal view. Just like saying ITS#7788 is a bug is yours.
Ciao, Michael.