directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua A. Haftel (JIRA)" <>
Subject [jira] [Created] (DIRSERVER-2177) Admin account expiration
Date Wed, 21 Dec 2016 17:20:58 GMT
Joshua A. Haftel created DIRSERVER-2177:

             Summary: Admin account expiration
                 Key: DIRSERVER-2177
             Project: Directory ApacheDS
          Issue Type: Bug
          Components: ldap
    Affects Versions: 2.0.0-M21
         Environment: Windows 10/Cygwin
Linux RHEL6
            Reporter: Joshua A. Haftel

We have added a default password policy ({{ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config}})
which stipulates a expiration time of 180 days and a single grace login for a password change
after this expiration time.

This password policy works great, *except*, our {{uid=admin,ou=system}} account picks up this
policy and it's password had expired and entered a locked out state.

It is our opinion that the {{uid=admin,ou=system}} should never ever get locked out since
there is no way to recover from this except to delete the system directory.

In some cases deleting the system directory may be customized and deleting it would be worse
than a mere inconvenience.

This message was sent by Atlassian JIRA

View raw message