Re: ppolicy by group

["Andy Loughran" <andy@zrmt.com>]

Gavin,

Sorry, in the excitement of being shown how to apply multiple policies - I 
missed how to actually do this by group.

Is there a way to add the pwdPolicySubentry: field to a Group - rather than 
a user.  So that any user in the group will have to abide by the policy - 
rather than having to apply a different policy to the user?

Regards,

Andy
----- Original Message ----- 
From: "Gavin Henry" <ghenry@suretecsystems.com>
To: "Andy Loughran" <andy@zrmt.com>
Cc: <openldap-software@openldap.org>; "Adam Leach" <adam.m.leach@gmail.com>
Sent: Tuesday, June 17, 2008 11:47 AM
Subject: Re: ppolicy by group


> Andy Loughran wrote:
> > Gavin,
> >
> > Ah, so that would suggest that adding a:
> >
> > pwdPolicySubentry: cn: lesser,ou=ppolicy,dc=example,dc=com
> >
> > to users of a specific group would allow the entire group to be managed 
> > by that particular policy.
>
> "Every account that should be subject to password policy control should
> have a pwdPolicySubentry attribute containing the DN of a valid
> pwdPolicy entry, or they can simply use the configured default. In
> this way different users may be managed according to different policies."
>
> That's what it says ;-)
>
> --
> Kind Regards,
>
> Gavin Henry.
>
> T +44 (0) 1224 279484
> M +44 (0) 7930 323266
> F +44 (0) 1224 824887
> E ghenry@suretecsystems.com
>
> Open Source. Open Solutions(tm).
>
> http://www.suretecsystems.com/
>
> Suretec Systems is a limited company registered in Scotland. Registered
> number: SC258005. Registered office: 13 Whiteley Well Place, Inverurie,
> Aberdeenshire, AB51 4FP.