You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Emmanuel Lecharny (JIRA)" <ji...@apache.org> on 2019/06/28 10:05:00 UTC
[jira] [Updated] (DIRSERVER-2177) Admin account expiration
[ https://issues.apache.org/jira/browse/DIRSERVER-2177?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emmanuel Lecharny updated DIRSERVER-2177:
-----------------------------------------
Component/s: (was: ldap)
ppolicy
> Admin account expiration
> ------------------------
>
> Key: DIRSERVER-2177
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2177
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: ppolicy
> Affects Versions: 2.0.0-M21
> Environment: Windows 10/Cygwin
> Linux RHEL6
> Reporter: Joshua A. Haftel
> Priority: Major
>
> We have added a default password policy ({{ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config}}) which stipulates a expiration time of 180 days and a single grace login for a password change after this expiration time.
> This password policy works great, *except*, our {{uid=admin,ou=system}} account picks up this policy and it's password had expired and entered a locked out state.
> It is our opinion that the {{uid=admin,ou=system}} should never ever get locked out since there is no way to recover from this except to delete the system directory.
> In some cases deleting the system directory may be customized and deleting it would be worse than a mere inconvenience.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org