You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by "Emmanuel Lecharny (JIRA)" <ji...@apache.org> on 2019/06/28 10:05:00 UTC

[jira] [Updated] (DIRSERVER-2177) Admin account expiration

     [ https://issues.apache.org/jira/browse/DIRSERVER-2177?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emmanuel Lecharny updated DIRSERVER-2177:
-----------------------------------------
    Component/s:     (was: ldap)
                 ppolicy

> Admin account expiration
> ------------------------
>
>                 Key: DIRSERVER-2177
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2177
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: ppolicy
>    Affects Versions: 2.0.0-M21
>         Environment: Windows 10/Cygwin
> Linux RHEL6
>            Reporter: Joshua A. Haftel
>            Priority: Major
>
> We have added a default password policy ({{ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config}}) which stipulates a expiration time of 180 days and a single grace login for a password change after this expiration time.
> This password policy works great, *except*, our {{uid=admin,ou=system}} account picks up this policy and it's password had expired and entered a locked out state.
> It is our opinion that the {{uid=admin,ou=system}} should never ever get locked out since there is no way to recover from this except to delete the system directory.
> In some cases deleting the system directory may be customized and deleting it would be worse than a mere inconvenience.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org