2014-03-01 13:29 GMT+01:00 Michael Ströder <michael@stroeder.com>:
Cyril Grosjean wrote:
> pwdFailureTime should not exist or at least should not increase when
> pwdLocjout is false. So it looks to me like a bug, as you mentioned.

I strongly disagree. I don't use password failure lockout but I definitely
want to see pwdFailureTime appear!

I disagree too. It's not because you find it useful that it should not be considered as a bug.

An entry that is not associated to a password policy (and no default ppolicy configured) should not own any ppolicy operational attribute.

> When can we expect it to be fixed ?

There's no need for a fix. ITS#7788 is not a bug! 

I find pwdFailureTime *very* useful for reporting login failure in a 3rd-party
component even without using slapo-ppolicy's lockout feature.

If you don't want pwdFailureTime then simply you should not load slapo-ppolicy.

No, if you want pwdFailureTime, you should configure a ppolicy for the entry, or configure a default ppolicy.