On 9/14/10 8:40 AM, mailing lists wrote:
Hello,
I think that the pwdAttribute needs an OID value (specified by the syntax)
so you would must use the OID of the userPassword attribute which is
2.5.4.35
I thought that would be a possibility for the failure Kiran and Julien are facing, (please guys, can you give it a try ?), but IMO, there is no reason why we would not be allowed to use 'userPassword' in this context.
Using the OID instead of the alias name does not carry any extra information, as soon as the alias is valid accordingly to the schema (whatever it represents, be it an AT, OC, MR, or any of the other kind of schema objects). The syntax should just check that the alias is syntaxically correct. It's up to the ppolicy overlay to check that the value is a valid AT.
Plus the error message is really misleading if this is the cause for the error.