2014-03-01 13:29 GMT+01:00 Michael Ströder michael@stroeder.com:
Cyril Grosjean wrote:
pwdFailureTime should not exist or at least should not increase when pwdLocjout is false. So it looks to me like a bug, as you mentioned.
I strongly disagree. I don't use password failure lockout but I definitely want to see pwdFailureTime appear!
I disagree too. It's not because you find it useful that it should not be considered as a bug.
An entry that is not associated to a password policy (and no default ppolicy configured) should not own any ppolicy operational attribute.
When can we expect it to be fixed ?
There's no need for a fix. ITS#7788 is not a bug!
I find pwdFailureTime *very* useful for reporting login failure in a 3rd-party component even without using slapo-ppolicy's lockout feature.
If you don't want pwdFailureTime then simply you should not load slapo-ppolicy.
No, if you want pwdFailureTime, you should configure a ppolicy for the entry, or configure a default ppolicy.
Clément.