directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <>
Subject Re: ads-pwdLockoutDuration flag
Date Fri, 28 Jun 2013 13:43:40 GMT
Le 6/28/13 3:24 PM, Slavomir Kocka a écrit :
> Thanks for response...
> Yes, I read it, it was mentioned there above...
> However, it didn't work for me well.
> Originally I had:
> ads-pwdLockout: TRUE
> ads-pwdLockoutDuration: 0
> Which is default. When some users locked-out themselves, I stopped servers, set ads-pwdLockoutDuration
= 5, and started servers (just to avoid brute force login attempts)
> However accounts, which were locked during TRUE/0 configuration, didn't unlock...

0 in this context means infinite. The thing is that once the users who
were locked with 0 (ie infinite) will remain locked forever, no matter
what (unless the admin unlock them)
> Does duration apply only to newly locked accounts, or is it some bug?

I don't think there is a bug. Although I think that having 0 as a
default value is not necessarily the smartests idea we have had...

Kiran, do you have something more to add ?

Emmanuel Lécharny 

View raw message