Re: ppolicy by group

[Gavin Henry <ghenry@OpenLDAP.org>]

Jeroen van Aart wrote:
> Howard Chu wrote:
>
> > Read the manpage yourself, it's all explained there already.
>
> Thanks for the advice. I did that already and upon closer re-reading 
> indeed it answers some of my questions:
>
> "pwdPolicySubentry
>
> This attribute refers directly to the pwdPolicy subentry that is to be 
> used for this particular directory user. If pwdPolicySubentry exists, it 
> must contain the DN of a valid pwdPolicy object. If it does not exist, 
> the ppolicy module will enforce the default password policy rules on the 
> user associated with this authenticating DN. If there is no default, or 
>  the referenced subentry does not exist, then no policy rules will be 
> enforced."
>
> However I have been unable to verify that if I reconfigure slapd to use 
> ppolicy then its current functionality will not be influenced? I assume 
> that is the case given the above quote. But it'd be nice to have it 
> confirmed.
>
> Thank you,
> Jeroen

If you don't have a default ppolicy defined and no pwdPolicySubentry 
then slapd will perform as it is currently configured.

--
Kind Regards,

Gavin Henry.
OpenLDAP Engineering Team.

E ghenry@OpenLDAP.org

Community developed LDAP software.

http://www.openldap.org/project/