HI!
I've implemented the use-case in web2ldap for unlocking entries which were
locked out because of password failure. IMHO it mainly boils down to delete
the relevant attributes from the entry. Another similar use-case is to unset
all password-relevant attributes.
Now I'm looking for proprietary password-relevant attributes in various
directory server implementations. I'd be glad to receive some input. A public
test LDAP server would be great.
So far I have this attribute lists:
For unlocking:
# Samba-Passwortattribute
u'sambaBadPasswordCount',u'sambaBadPasswordTime',
# draft-behera-ldap-password-policy
u'pwdAccountLockedTime',u'pwdFailureTime',
For unsetting everything:
u'userPassword',
# Samba-Passwortattribute
u'sambaBadPasswordCount',u'sambaBadPasswordTime',
u'sambaClearTextPassword',
u'sambaLMPassword',u'sambaNTPassword',u'sambaPasswordHistory',
u'sambaPreviousClearTextPassword',
# draft-behera-ldap-password-policy
u'pwdAccountLockedTime',u'pwdHistory',u'pwdChangedTime',
u'pwdFailureTime',u'pwdReset',
Ciao, Michael.
