2014-03-02 18:35 GMT+01:00 Michael Ströder <[email protected]>: > Clément OUDOT wrote: > > 2014-03-01 20:07 GMT+01:00 Michael Ströder <[email protected]>: > > > >> Clément OUDOT wrote: > >>> An entry that is not associated to a password policy (and no default > >>> ppolicy configured) should not own any ppolicy operational attribute. > >> > >> Why? > >> > >> 'pwdFailureTime' is declared as > >> > >> NO-USER-MODIFICATION > >> USAGE directoryOperation > >> > >> and is not referenced in any object class at all. > > > > But it is an operational attribute of password policy, and it is loaded > > with ppolicy overla. > > So what? > > Can you please point me to any text saying that 'pwdFailureTime' MUST NOT > be > used if password lockout is not used and especially why? >
That's not what I said. I said pwdFaliureTime must not be updated for an entry without ppolicy attached, nothing to see with password lockout. > > >> In the context of this discussion you can only argue that it should or > >> should > >> not be replicated. But ITS#7788 is not a bug. It's just a certain > >> implementation. > > > > It is your point of view, not mine. An OpenLDAP developer should give its > > own. > > Yes, it's my personal view. Just like saying ITS#7788 is a bug is yours. > > Please read well the ITS. There is nothing linked to password lockout. Clément.
