I'd defer to those with more expertise, but my vote is to avoid changing
the modifyTimestamp attribute. That attribute should be updated only
when an ldapmodify operation is performed.

I'm not familiar with the specifications, and perhaps this isn't
addressed there. My intuition suggests that it shouldn't be modified by
operations that are not directly under the control of the user or
administrator.

Dan
Howard Chu wrote:
> dan.cushing netideasinc.com wrote:
>> Full_Name: Dan Cushing
>> Version: 2.3.36
>> OS: Solaris 9
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (71.76.187.82)
>>
>>
>> When running OpenLDAP with the ppolicy overlay, the modifyTimestamp
>> for a user entry is updated if the user attempts to login (bind) with
>> an incorrect password. This is happening because the password lockout
>> feature is enabled and the operational attribute 'pwdFailureTime' is
>> being updated. It seems like this results in a misleading
>> modifyTimestamp. Is it intended that the modifyTimestamp attribute be
>> updated when operational attributes are updated?
>
> Hadn't really thought about it before. We can certainly avoid this
> though.