On 01/05/2017 10:11 PM, Noriko Hosoi wrote:
Sorry about the misunderstanding. Please file a ticket with the
expected behaviour.
https://fedorahosted.org/389/ticket/49080
I've included a patch to correct that behavior.
The rest of the shadow attribute implementation is buggy, too. First,
shadow attributes (in /etc/shadow and in LDAP) are typically unset when
no policy is in place. 389-ds will incorrectly return values (possibly
set to 0) when there is no policy. I also have a patch for that,
pending a fix to the second problem. The second problem is that when
"password never expires" is set in 389-console, pwpolicy->pw_maxage
still has a value, so shadowMax and shadowWarning still get a value.
It's not obvious to me, after looking at the passwordpolicyarray struct,
how to determine whether password expiration is checked. If you can
give me a hint there, I can fix those bugs as well.
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
