2014-03-01 20:07 GMT+01:00 Michael Ströder michael@stroeder.com:
Clément OUDOT wrote:
An entry that is not associated to a password policy (and no default ppolicy configured) should not own any ppolicy operational attribute.
Why?
'pwdFailureTime' is declared as
NO-USER-MODIFICATION USAGE directoryOperation
and is not referenced in any object class at all.
But it is an operational attribute of password policy, and it is loaded with ppolicy overla.
In the context of this discussion you can only argue that it should or should not be replicated. But ITS#7788 is not a bug. It's just a certain implementation.
It is your point of view, not mine. An OpenLDAP developer should give its own.
Clément.