[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4025) Ppolicy overlay: objectIdentifierMatch rule doesn't understand descriptions

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#4025) Ppolicy overlay: objectIdentifierMatch rule doesn't understand descriptions
From: hyc@symas.com
Date: Wed, 28 Sep 2005 16:00:51 GMT

Samuel Tran wrote:
> On Wed, 2005-09-28 at 08:25 -0700, Howard Chu wrote: 
>   
>> I think it may help to see your slapd.conf at this point.
>
> Howard,
>
> My apologies, I have several test servers and I forgot to add the
> following lines to my slapd.conf on the test server I am working on:
> overlay ppolicy
> ppolicy_default "cn=StdPwd,ou=Policies,dc=amnh,dc=org"
> ppolicy_use_lockout
>
> Now it is working as expected.
>
> Why is it required to specify the overlay in slapd.conf in order to use
> the pwdPolicy objectClass?
>
>   
You can use the objectClass in general, just by loading the schema file. 
But the code patch that changes the behavior of the pwdAttribute 
attributeType resides in the ppolicy overlay. If you don't use the 
overlay, the patch does not take effect. It wasn't clear to me that it 
was a good idea to change the objectIdentifier syntax behavior for all 
of slapd, so the patch is specific to the pwdAttribute attributeType. It 
may be a topic for discussion on -devel, whether a global change is more 
appropriate.

-- 
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/

Prev by Date: Re: (ITS#4025) Ppolicy overlay: objectIdentifierMatch rule doesn't understand descriptions
Next by Date: Re: (ITS#4025) Ppolicy overlay: objectIdentifierMatch rule doesn't understand descriptions
Index(es):
- Chronological
- Thread