Posted to dev@directory.apache.org by "Joshua A. Haftel (JIRA)" <ji...@apache.org> on 2016/12/21 17:20:58 UTC

[jira] [Created] (DIRSERVER-2177) Admin account expiration

Joshua A. Haftel created DIRSERVER-2177:
-------------------------------------------

             Summary: Admin account expiration
                 Key: DIRSERVER-2177
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2177
             Project: Directory ApacheDS
          Issue Type: Bug
          Components: ldap
    Affects Versions: 2.0.0-M21
         Environment: Windows 10/Cygwin
                      Linux RHEL6
            Reporter: Joshua A. Haftel


We have added a default password policy ({{ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config}}) which stipulates an expiration time of 180 days and a single grace login for a password change after this expiration time.

This password policy works great, *except* our {{uid=admin,ou=system}} account picks up this policy, and its password had expired and entered a locked-out state.

It is our opinion that the {{uid=admin,ou=system}} should never ever get locked out since there is no way to recover from this except to delete the system directory.

In some cases deleting the system directory may be customized and deleting it would be worse than a mere inconvenience.



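An added example, not part of the original report and not ApacheDS code: a check an operator could run against the admin entry to see how close it is to the lockout described above, using the 180-day expiration and single grace login from the report. It assumes the entry exposes the pwdChangedTime and pwdGraceUseTime operational attributes of the LDAP password policy draft; the sample LDIF and the 14-day warning window are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=180)     # expiration time stated in the report
GRACE_LIMIT = 1                   # single grace login stated in the report
WARN_WINDOW = timedelta(days=14)  # assumption: alert threshold chosen for this example

# Constructed sample of the admin entry's operational attributes (not real output).
SAMPLE_LDIF = """\
dn: uid=admin,ou=system
pwdChangedTime: 20160601120000.000Z
pwdGraceUseTime: 20161205080000.000Z
"""

def parse_entry(ldif):
    """Collect attribute values from a single, unfolded LDIF entry."""
    attrs = {}
    for line in ldif.splitlines():
        if ":" in line:
            name, value = line.split(":", 1)
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def parse_gtime(value):
    """Parse a UTC GeneralizedTime such as 20160601120000.000Z."""
    stamp = value.split(".")[0].rstrip("Z")
    return datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def password_state(ldif, now):
    """Return (state, expiry) for the entry under the policy constants above."""
    attrs = parse_entry(ldif)
    expires = parse_gtime(attrs["pwdchangedtime"][0]) + MAX_AGE
    grace_used = len(attrs.get("pwdgraceusetime", []))
    if now < expires - WARN_WINDOW:
        return "valid", expires
    if now < expires:
        return "expiring", expires      # time to change the password
    if grace_used < GRACE_LIMIT:
        return "expired-grace-left", expires
    return "expired-no-grace", expires  # the locked-out state from the report

if __name__ == "__main__":
    state, expires = password_state(SAMPLE_LDIF, datetime.now(timezone.utc))
    print(f"uid=admin,ou=system: {state} (password expiry {expires:%Y-%m-%d %H:%M} UTC)")
```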