You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Joshua A. Haftel (JIRA)" <ji...@apache.org> on 2016/12/21 17:20:58 UTC
[jira] [Created] (DIRSERVER-2177) Admin account expiration
Joshua A. Haftel created DIRSERVER-2177:
-------------------------------------------
Summary: Admin account expiration
Key: DIRSERVER-2177
URL: https://issues.apache.org/jira/browse/DIRSERVER-2177
Project: Directory ApacheDS
Issue Type: Bug
Components: ldap
Affects Versions: 2.0.0-M21
Environment: Windows 10/Cygwin
Linux RHEL6
Reporter: Joshua A. Haftel
We have added a default password policy ({{ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config}}) which stipulates a expiration time of 180 days and a single grace login for a password change after this expiration time.
This password policy works great, *except*, our {{uid=admin,ou=system}} account picks up this policy and it's password had expired and entered a locked out state.
It is our opinion that the {{uid=admin,ou=system}} should never ever get locked out since there is no way to recover from this except to delete the system directory.
In some cases deleting the system directory may be customized and deleting it would be worse than a mere inconvenience.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)