Hi guys,

     We have an issue in the server where the admin (uid=admin,ou=system) account can get locked
     permanently based on the ppolicy configuration to lock accounts [1].

     IMO we should allow all user and admin accounts to get locked permanently (again, based on the ppolicy config)
     except the system's built-in admin account (uid=admin,ou=system). This is just to prevent any abuse involving a
     regular admin account.

     Please suggest if you have any other opinions or suggestions based on the operations perspective in a production environment.

[1] https://issues.apache.org/jira/browse/DIRSERVER-1812

--
Kiran Ayyagari
http://keydap.com