Em Qua, 2007-09-26 às 17:12 +0200, Guillaume Rousse escreveu: > So, I set up a very minimal default password policy object, as it seems > to be quite mandatory: > dn: cn=default,ou=policies,dc=futurs,dc=inria,dc=fr > cn: default > objectClass: pwdPolicy > objectClass: organizationalRole > pwdAttribute: userPassword > pwdMaxAge: 0 > pwdInHistory: 0 > pwdCheckQuality: 0 > > Then I tried to add a pwdAccountLockedTime attribute to a user: > dn: uid=rousse,ou=saclay,ou=futurs,ou=users,dc=futurs,dc=inria,dc=fr > changetype: modify > add: pwdAccountLockedTime > pwdAccountLockedTime: 0 > > Error: pwdAccountLockedTime: value #0 invalid per syntax
The syntax is wrong. Try this value: pwdAccountLockedTime: 000001010000Z >From the slapo-ppolicy manpage: "If pwdAccountLockedTime is set to 000001010000Z, the user's account has been permanently locked and may only be unlocked by an administrator."