From 785fcca7ef16dd93aaa3ca22e17a812ab6ac250a Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Wed, 11 Jul 2007 22:25:46 +0000
Subject: [PATCH] Update the password policy configuration to support a new attribute, ds-cfg-state-update-failure-policy.  This attribute makes it possible to control how the server should handle failures that may occur when attempting to update password policy state information during a bind operation.  This attribute allows the following values:

---
 opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyConfiguration.xml |   53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 53 insertions(+), 0 deletions(-)

diff --git a/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyConfiguration.xml
index 70a2c3d..933f525 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyConfiguration.xml
@@ -944,4 +944,57 @@
       </ldap:attribute>
     </adm:profile>
   </adm:property>
+
+  <adm:property name="state-update-failure-policy" mandatory="false"
+  multi-valued="false">
+    <adm:synopsis>
+      Specifies how the server should deal with the inability to update password
+      policy state information during an authentication attempt.  In particular,
+      it may be used to control whether an otherwise successful bind operation
+      should fail if a failure occurs while attempting to update password policy
+      state information (e.g., to clear a record of previous authentication
+      failures or to update the last login time), or even whether to reject a
+      bind request if it is known aheaed of time that it will not be possible to
+      update the authentication failure times in the event of an unsuccessful
+      bind attempt (e.g., if the backend writability mode is disabled).
+    </adm:synopsis>
+    <adm:default-behavior>
+      <adm:defined>
+        <adm:value>reactive</adm:value>
+      </adm:defined>
+    </adm:default-behavior>
+    <adm:syntax>
+      <adm:enumeration>
+        <adm:value name="ignore">
+          <adm:synopsis>
+            If a bind attempt would otherwise be successful, then do not reject
+            it if a problem occurs while attempting to update the password
+            policy state information for the user.
+          </adm:synopsis>
+        </adm:value>
+        <adm:value name="reactive">
+          <adm:synopsis>
+            Even if a bind attempt would otherwise be successful, reject it if a
+            problem occurs while attempting to update the password policy state
+            information for the user.
+          </adm:synopsis>
+        </adm:value>
+        <adm:value name="proactive">
+          <adm:synopsis>
+            Proactively reject any bind attempt if it is known ahead of time
+            that it would not be possible to update the user's password policy
+            state information.
+          </adm:synopsis>
+        </adm:value>
+      </adm:enumeration>
+    </adm:syntax>
+    <adm:profile name="ldap">
+      <ldap:attribute>
+        <ldap:oid>1.3.6.1.4.1.26027.1.1.443</ldap:oid>
+        <ldap:name>ds-cfg-state-update-failure-policy</ldap:name>
+      </ldap:attribute>
+    </adm:profile>
+  </adm:property>
+
 </adm:managed-object>
+

--
Gitblit v1.10.0