Networking
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
 
User Name:
Password:
Remember me
Go Back   Web Development Archives Mailing Lists Networking
Reload this Page

Question pertaining to PPolicy overlay feature

Discuss Question pertaining to PPolicy overlay feature in the Networking forum on Dev Archives.
Question pertaining to PPolicy overlay feature Networking list covers authentication errors, proxies, Ethernet hardware such as cable/DSL routers, and servers.

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Display Modes
 
Unread Web Development Archives Sponsor:
  #1  
Old September 1st, 2005, 01:58 PM
Shawn McKinney
Guest
Dev Archives Newbie (0 - 499 posts)
  
Posts: n/a  
Time spent in forums:
Reputation Power:
Question pertaining to PPolicy overlay feature
To reset a user's LDAP account that has been locked
due maxFailure bind failures, my client program
performs the following steps:

the user entry that is locked:
set userPassword = to a new password value
set pwdReset = TRUE
delete pwdLockedTime operational attribute

Testing w/ version 1.56 ppolicy module the above steps
work flawlessly. The user must change password on
subsequent bind per PW policy setting.

But when I upgrade to latest version of ppolicy
module, 1.60, I get constraint violation when I
attempt removal of user's pwdLockedTime attribute.

My question is, for situations when the user account
is locked, how do we reset the user account
programatically? I have found leaving the pwdReset
flag alone will not unlock the user's account.

Thanks,

Shawn
Reply With Quote
  #2  
Old September 1st, 2005, 03:45 PM
Howard Chu
Guest
Dev Archives Newbie (0 - 499 posts)
  
Posts: n/a  
Time spent in forums:
Reputation Power:
Question pertaining to PPolicy overlay feature
In revision 1.58 I updated the operational attribute schema to match
draft 9 of the password policy specification; it makes a number of
attributes non-user-modifiable, including pwdAccountLockedTime. We may
have to back out a couple more of these changes if there is no internal
mechanism to alter these attributes. I'll raise this question on the
ldapext mailing list and see what answers we get.

Shawn McKinney wrote:
To reset a user's LDAP account that has been locked
due maxFailure bind failures, my client program
performs the following steps:
>
the user entry that is locked:
set userPassword = to a new password value
set pwdReset = TRUE
delete pwdLockedTime operational attribute
>
Testing w/ version 1.56 ppolicy module the above steps
work flawlessly. The user must change password on
subsequent bind per PW policy setting.
>
But when I upgrade to latest version of ppolicy
module, 1.60, I get constraint violation when I
attempt removal of user's pwdLockedTime attribute.
>
My question is, for situations when the user account
is locked, how do we reset the user account
programatically? I have found leaving the pwdReset
flag alone will not unlock the user's account.
>
Thanks,
>
Shawn
>
>



--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
LDAP Core Team
Reply With Quote
Reply

Viewing: Web Development Archives Mailing Lists Networking > Question pertaining to PPolicy overlay feature

« Previous Thread | Next Thread »

Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest Threads | Shoutbox
Forum Jump


Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 





© 2003-2009 by Developer Shed. All rights reserved. DS Cluster 2 hosted by Hostway
Stay green...Green IT