Re: multi-valued nsAccountLock

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Mitja,

the value of this attribute is checked against "true" internally in RHDS to decide if an account is locked or not.

Even if the attribute is multi valued by definition, internally it's considered single valued. Only the first value is taken into account.

Using this attribute for other purposes will interfere with password policy and particularly if the value is different than true, the account will be considered as locked.

I would propose to define a custom attribute to define different aspects of account inactivation.

Regards,

German.


----- Original Message -----
> From: "Mitja Mihelič" <mitja.mihelic@xxxxxxxx>
> To: "General discussion list for the 389 Directory server project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
> Sent: Friday, July 10, 2015 2:35:34 PM
> Subject: Re:  multi-valued nsAccountLock
> 
> Re-lifing an old thread here, but I have been searching for the same answer.
> 
> We were thinking of using the multi-value feature to lock various
> aspects of an account.
> By entering values like web, mail, app would mean no access to the
> respective service.
> 
> Are there any ideas on multi-value feature for nsAccountLock?
> Will it be redefined as a single-value attribute allowing only true/false?
> 
> Kind regards, Mitja
> 
> On 04. 07. 2013 13:47, Pierre ROUDIER wrote:
> > Hi all,
> >
> > RedHat DS's doc states that the nsAccountLock attribute is multi-valued
> > [1].
> > Some tests with 389ds led me to think it's also true for 389ds.
> >
> > I cannot think of any reason explaining why it would have to be
> > multi-valued.
> > Do you have any idea?
> >
> > Thank you.
> >
> > [1]
> > https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/nsAccountLock.html
> >
> > --
> > 389 users mailing list
> > 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
> 
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux