directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <>
Subject Re: [ApacheDS] - Account permanently locked
Date Wed, 20 Mar 2013 18:18:01 GMT
Le 3/20/13 6:32 PM, Heu, Tou-Soua a écrit :
> I have a similar problem but instead of the system/admin account it's for an ordinary
LDAP account:
> 1) what is the process to unlock an account which has been locked due to excessive login
> Resetting the password doesn't clear the locked state.
> Looking at other LDAP products, like the IBM Tivoli Directory Server, I'm guessing that
one would need to delete both "pwdFailureTime"  and "pwdAccountLockedTime" attributes but
for whatever reasons we can't delete the later, even with the system account (this situation
occurred on the 2.0 M6 build, not sure if this was fixed in recent versions like M11).
> In reviewing the 2.0 documentation, I couldn't find answers to these other general usage:
> 2) what is the process for unlocking an account for other scenario, if applicable, like
an expired account?
> 3) how do you overwrite the password policy for a given account or container? In another
word, either:
>        3.a) flag it to not be bound by any password policy, or
>        3.b) set it to use a different password policy than its parent
> Thanks.
> Addendum: is this related to issue logged under DIRSERVER-1813?

yes, most certainly.

This is a critical issue that needs to be fixed. Teh only possible
workaround atm is to delete the user and to recreate it.

Emmanuel Lécharny 

View raw message