[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: multiple password policies
Andreas Hasenack <ahasenack@terra.com.br> writes:
> On Wed, Jul 11, 2007 at 04:30:00PM +0200, Dieter Kluenter wrote:
>> Hi,
>> I am using ppolicy overlay control password policy. Now I would like
>> to define 3 different policies as policyDN.
>> In slapd.conf one can only define a defaultDN, how can a policyDN
>> declared in an entry? Or is editing the operational attribute
>> pwdPolicySubentray with relax control the only way?
>
> You just set pwdPolicySubentry of the entry to the DN of the policy you
> want to enforce for that particular entry. What do you mean by "relax
> control"?
The attribute is a operational attribute with NO-USER-Modification,
( 1.3.6.1.4.1.42.2.27.8.1.23
NAME 'pwdPolicySubentry'
DESC 'The pwdPolicy subentry in effect for
this object'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE directoryOperation)
for relax see draft-zeilenga-ldap-relax.txt
Relax in fact replaces manageDIT control.
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6