2014-03-01 13:29 GMT+01:00 Michael Ströder <[email protected]>: > Cyril Grosjean wrote: > > pwdFailureTime should not exist or at least should not increase when > > pwdLocjout is false. So it looks to me like a bug, as you mentioned. > > I strongly disagree. I don't use password failure lockout but I definitely > want to see pwdFailureTime appear! > > I disagree too. It's not because you find it useful that it should not be considered as a bug.
An entry that is not associated to a password policy (and no default ppolicy configured) should not own any ppolicy operational attribute. > > When can we expect it to be fixed ? > > There's no need for a fix. ITS#7788 is not a bug! > > I find pwdFailureTime *very* useful for reporting login failure in a > 3rd-party > component even without using slapo-ppolicy's lockout feature. > > If you don't want pwdFailureTime then simply you should not load > slapo-ppolicy. > > No, if you want pwdFailureTime, you should configure a ppolicy for the entry, or configure a default ppolicy. Clément.
