directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Karasulu <akaras...@gmail.com>
Subject Re: Missing information on how to lock a user account
Date Sun, 22 Feb 2009 15:24:55 GMT
On Fri, Feb 20, 2009 at 9:21 AM, Stefan Zoerner <stefan@labeo.de> wrote:

> Emmanuel Lecharny wrote:
>
>> Just in addition to Emmanuel (who is right), Mike perhaps compares it to
>>> vendor specific features, some LDAP servers provide (Active Directory,
>>> IBM
>>> Tivoli, etc.).
>>>
>>
>> I would like to know about those features, because I think it might be
>> valuable - and really easy - to add them into ADS, if needed. It's
>> just a matter of adding an operational attribute into a specific
>> ObjectClass and set it when we want to disable a user, for instance
>> (just an idea whihc migh be dig a bit more)
>>
>
> We can think about implementing parts of this
>
> http://tools.ietf.org/draft/draft-behera-ldap-password-policy/
>
> It is interesting in general, and contains a chapter about locking accounts
> as well.
>
> Unfortunately, the draft has never become an RFC, and is expired now, as
> far as I know.
>
> Something for the "After 2.0" time, perhaps.
>

Yes I agree we need this in LDAP to be standardized and implemented for
ADS.  We could still implement the draft with careful consideration for
drawbacks in the draft but again this would have to be after 2.0.

Alex

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message