2014-03-01 20:07 GMT+01:00 Michael Ströder <michael@stroeder.com>:

Clément OUDOT wrote:
> An entry that is not associated to a password policy (and no default
> ppolicy configured) should not own any ppolicy operational attribute.

Why?

'pwdFailureTime' is declared as

NO-USER-MODIFICATION
USAGE directoryOperation

and is not referenced in any object class at all.

But it is an operational attribute of password policy, and it is loaded with ppolicy overla.

In the context of this discussion you can only argue that it should or should
not be replicated. But ITS#7788 is not a bug. It's just a certain implementation.

It is your point of view, not mine. An OpenLDAP developer should give its own.

Clément.