Justin Crawford wrote: > Howdy- > > I have noticed something unexpected. > > Setting "passwordRetryCount" programatically (e.g. with ldapmodify) to > some value higher than our limit (say, 10) causes an account to be > locked, right? Well, yes, but only after that account has been locked > at least once the old-fashioned way, by trying to bind too many times > with a bad password. > > Brand new accounts* that've never been locked the old-fashioned way do > not mind a passwordRetryCount of 1000; these accounts can bind > successfully, and their passwordRetryCount gets set to 0. > > Does this make sense? If so, what's the additional attribute involved > in locking, and what are its potential values? > http://directory.fedora.redhat.com/wiki/Howto:PasswordReset > Thanks! > > Justin > > *Created with minimal attributes using ruby's net/ldap library. > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20070117/bdb0e1c4/attachment.bin