Justin Crawford wrote:
Howdy- I have noticed something unexpected. Setting "passwordRetryCount" programatically (e.g. with ldapmodify) to some value higher than our limit (say, 10) causes an account to be locked, right? Well, yes, but only after that account has been locked at least once the old-fashioned way, by trying to bind too many timeswith a bad password.Brand new accounts* that've never been locked the old-fashioned way do not mind a passwordRetryCount of 1000; these accounts can bindsuccessfully, and their passwordRetryCount gets set to 0.Does this make sense? If so, what's the additional attribute involved in locking, and what are its potential values?
http://directory.fedora.redhat.com/wiki/Howto:PasswordReset
Thanks! Justin *Created with minimal attributes using ruby's net/ldap library. -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
