On Fri, Mar 22, 2013 at 7:04 PM, Emmanuel Lécharny <firstname.lastname@example.org>
Le 3/22/13 2:25 PM, Kiran Ayyagari a écrit :
> Hi guys,Let me sum up :
> We have an issue in the server where the admin (uid=admin,ou=system)
> account can get locked
> permanently based on the ppolicy configuration to lock accounts .
> IMO we should allow all user and admin accounts to get locked
> permanently (again, based on the ppolicy config)
> except the system's built-in admin account (uid=admin,ou=system). This
> is just to prevent any abuse involving a
> regular admin account.
- any user can be locked permanently
- admin users may also be locked permanently
- the super-admin cannot be locked permanently
correct ? (If so, my +1)
That raises another question here (see ) :
- assuming that  is solved, the super admin can unlock all the users
*and* all the admins ?
- a 'normal' admin can only lock users, not admins ?
PS : admins are the account present in the administrators branch atm.
Won't it make sense to get rid of such a distinction, and to uses ACI
+1 , we have to fix DefaultCoreSession's isAnAdministrator() method for this
>  https://issues.apache.org/jira/browse/DIRSERVER-1812