[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ppolicy by group
Gavin Henry wrote:
man slapo-ppolicy:
"Every account that should be subject to password policy control should
have a pwdPolicySubentry attribute containing the DN of a valid
pwdPolicy entry, or they can simply use the configured default. In this
way different users may be managed according to different policies."
Is it safe to conclude from that that if there is no default policy
configured then unless an account has a pwdPolicySubentry containing the
DN of a valid pwdPolicy entry it will not be subject to password policy?
Also is it generally safe to configure the policy overlay in a currently
running and used openldap server? This would not affect current
authentication for example? Having not configured a default, if the
above is true, one could by hand switch on the policy by setting
pwdPolicySubentry?
Thank you,
Jeroen