Hi,
I have been doing more digging in the system relgarding this problem.
The -l switch appears to force the zmprov command to act directly on the ldap db.
According to the ldap schema definitions, the PasswordLockout details are within the ldap process, but as I can re-enable the account manually I still don't see how this direction is relevant.
according to the crontab files, it appears that there is no routine process defined that checks the relevant fields in the ldap tables and acts to re-enable the accounts.
I would expect a routine that attempts to do the following process
for each acct
if status=locked
if lockedTime + LockoutDuration >= currentSystemTime
set status=active
endif
endif
next acct
Attached is the output from a crontab -l for the zimbra user.
Regards,
Michael. |