We were testing out password policy and noticed that attributes like pwdFailureTime that are modified during operation are commented out in the schema so they can't be viewed by the admin.
Does anybody know the reasoning for this? We are thinking that we will want to be able to see them for debugging problems when we implement a password policy. But I wondered if that can cause problems if we put them in the schema or if their are other ways to get to current values on accounts.
--On Friday, March 08, 2013 12:45 PM -0500 John Baker johnnyb@marlboro.edu wrote:
We were testing out password policy and noticed that attributes like pwdFailureTime that are modified during operation are commented out in the schema so they can't be viewed by the admin.
They are commented out because they are hard coded in the object. Your inability to "view" them has nothing to do with this. If they didn't exist in the schema, you couldn't modify them at all. I suggest you read up on "operational" attributes and how to request them.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org
-
John Baker -
Quanah Gibson-Mount